Windows Analysis Report
98ST13Qdiy.exe

Overview

General Information

Sample name: 98ST13Qdiy.exe (renamed because original name is a hash value)
Original sample name: cd727c8fc0303b9a77641cc43061fa6ae9de3a0af40fd525c4a745c1dcdd5965.exe
Analysis ID: 1436725
MD5: 12450f3dba7ad4bb8f8fa4988011b913
SHA1: b58b07405615dd7c0e1cd159409bab656e507c10
SHA256: cd727c8fc0303b9a77641cc43061fa6ae9de3a0af40fd525c4a745c1dcdd5965
Tags: exe, Lockbit

Detection

LockBit ransomware
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected LockBit ransomware
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Deletes itself after installation
Found Tor onion address
Found potential ransomware demand text
Hides threads from debuggers
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Writes to foreign memory regions
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Enables security privileges
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 98ST13Qdiy.exe (PID: 6824 cmdline: "C:\Users\user\Desktop\98ST13Qdiy.exe" MD5: 12450F3DBA7AD4BB8F8FA4988011B913)
    • splwow64.exe (PID: 7120 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
    • ECC3.tmp (PID: 2008 cmdline: "C:\ProgramData\ECC3.tmp" MD5: 294E9F64CB1642DD89229FFF0592856B)
      • cmd.exe (PID: 5552 cmdline: "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\ECC3.tmp >> NUL MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 4944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • ONENOTE.EXE (PID: 2212 cmdline: /insertdoc "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\{11654E24-2203-4A9E-B419-2712D31E0D54}.xps" 133594708232220000 MD5: 0061760D72416BCF5F2D9FA6564F0BEA)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
98ST13Qdiy.exe | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
    98ST13Qdiy.exe | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
    • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
    • 0x4d4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
    Source | Rule | Description | Author | Strings
      00000000.00000002.1876829701.0000000000A24000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
        00000000.00000000.1633756524.0000000000731000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
        00000000.00000000.1633756524.0000000000731000.00000020.00000001.01000000.00000003.sdmp | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
        • 0x1841d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
        • 0xd4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
        00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
          00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
          • 0x1841d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
          • 0xd4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
          Source | Rule | Description | Author | Strings
          0.0.98ST13Qdiy.exe.730000.0.unpack | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
            0.0.98ST13Qdiy.exe.730000.0.unpack | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
            • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
            • 0x4d4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
            0.2.98ST13Qdiy.exe.730000.0.unpack | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
              0.2.98ST13Qdiy.exe.730000.0.unpack | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
              • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
              • 0x4d4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
              No Sigma rule has matched
              No Snort rule has matched

              AV Detection

              Source: 98ST13Qdiy.exe | Avira: detected
              Source: http://lockbitapt.uz | Avira URL Cloud: Label: malware
              Source: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion | Avira URL Cloud: Label: malware
              Source: C:\ProgramData\ECC3.tmp | Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
              Source: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion | Virustotal: Detection: 10%
              Source: http://lockbitapt.uz | Virustotal: Detection: 10%
              Source: C:\ProgramData\ECC3.tmp | ReversingLabs: Detection: 83%
              Source: C:\ProgramData\ECC3.tmp | Virustotal: Detection: 83%
              Source: 98ST13Qdiy.exe | Virustotal: Detection: 83%
              Source: 98ST13Qdiy.exe | ReversingLabs: Detection: 86%
              Source: 98ST13Qdiy.exe | Joe Sandbox ML: detected
              Source: 98ST13Qdiy.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Videos\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Searches\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Saved Games\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Recent\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Pictures\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Pictures\Saved Pictures\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Pictures\Camera Roll\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\OneDrive\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Music\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Links\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Favorites\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Favorites\Links\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Downloads\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Documents\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Documents\WKXEWIOTXI\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Documents\VLZDGUKUTZ\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Documents\SQRKHNBNYN\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Documents\ONBQCLYSPU\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Documents\NIKHQAIQAU\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Documents\KATAXZVCPS\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Documents\JSDNGYCOWY\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Documents\IPKGELNTQY\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Documents\HTAGVDFUIE\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Documents\GAOBCVIQIJ\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Documents\DTBZGIOOSO\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Documents\AIXACVYBSB\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Desktop\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Desktop\ZBEDCJPBEY\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Desktop\WKXEWIOTXI\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Desktop\VLZDGUKUTZ\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Desktop\SQRKHNBNYN\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Desktop\ONBQCLYSPU\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Desktop\KZWFNRXYKI\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Desktop\KATAXZVCPS\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Desktop\IPKGELNTQY\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Desktop\HTAGVDFUIE\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Desktop\GAOBCVIQIJ\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Desktop\DTBZGIOOSO\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Desktop\AIXACVYBSB\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\Contacts\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\3D Objects\wQbYPVKs0.README.txt
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | File created: C:\Users\user\.ms-ad\wQbYPVKs0.README.txt
              Source: 98ST13Qdiy.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | Code function: 0_2_0073A064 FindFirstFileExW,FindClose,0_2_0073A064
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | Code function: 0_2_00735C34 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_00735C34
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | Code function: 0_2_0073748C FindFirstFileExW,FindNextFileW,0_2_0073748C
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | Code function: 0_2_00737560 FindFirstFileExW,FindClose,0_2_00737560
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | Code function: 0_2_0073F264 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_0073F264
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | Code function: 0_2_0073763C FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_0073763C
              Source: C:\ProgramData\ECC3.tmp | Code function: 5_2_0040227C FindFirstFileExW,5_2_0040227C
              Source: C:\ProgramData\ECC3.tmp | Code function: 5_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,5_2_0040152C
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe | Code function: 0_2_0073A440 GetLogicalDriveStringsW,0_2_0073A440

              Networking

              Source: 98ST13Qdiy.exe, 00000000.00000003.1875675549.00000000009F7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
              Source: 98ST13Qdiy.exe, 00000000.00000003.1875675549.00000000009F7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion
              Source: 98ST13Qdiy.exe, 00000000.00000003.1875675549.00000000009F7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.dr | String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.dr | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
              Source: 98ST13Qdiy.exe, 00000000.00000003.1875303206.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, 98ST13Qdiy.exe, 00000000.00000003.1708235011.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, SPLB036.tmp.0.dr | String found in binary or memory: http://lockbitapt.uz
              Source: 98ST13Qdiy.exe, 00000000.00000003.1875675549.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, 98ST13Qdiy.exe, 00000000.00000002.1876829701.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, 98ST13Qdiy.exe, 00000000.00000003.1875303206.00000000009F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionl&
              Source: 98ST13Qdiy.exe, 00000000.00000003.1875675549.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, 98ST13Qdiy.exe, 00000000.00000002.1876829701.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, 98ST13Qdiy.exe, 00000000.00000003.1875303206.00000000009F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionz
              Source: 98ST13Qdiy.exe, 00000000.00000003.1875675549.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, 98ST13Qdiy.exe, 00000000.00000003.1719080714.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, 98ST13Qdiy.exe, 00000000.00000003.1708235011.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, 98ST13Qdiy.exe, 00000000.00000002.1876829701.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, 98ST13Qdiy.exe, 00000000.00000003.1875303206.00000000009F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupp.uz
              Source: SPLB036.tmp.0.drString found in binary or memory: http://lockbitsupp.uzFFFFFFFFFFFFFFFFFFFFF
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://settings.outlook.com
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://shell.suite.office.com:1443
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://skyapi.live.net/Activity/
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://staging.cortana.ai
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://store.office.cn/addinstemplate
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://store.office.de/addinstemplate
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://substrate.office.com
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://tasks.office.com
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://templatesmetadata.office.net/
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://web.microsoftstream.com/video/
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://webshell.suite.office.com
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://wus2.contentsync.
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://wus2.pagecontentsync.
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://www.odwebp.svc.ms
              Source: 4016EC53-5F69-4CF7-8604-A2019113C58F.8.drString found in binary or memory: https://www.yammer.com

              Spam, unwanted Advertisements and Ransom Demands

              Source: C:\wQbYPVKs0.README.txt Dropped file: ######################################################################################## Your files are safe! Only modified. (RSA+AES) ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT. DO NOT MODIFY ENCRYPTED FILES. DO NOT RENAME ENCRYPTED FILES. No software available on internet can help you. We are the only ones able to solve your problem. We gathered highly confidential/personal data. These data are currently stored on a private server. This server will be immediately destroyed after your payment. If you decide to not pay, we will release your data to public or re-seller. So you can expect your data to be publicly available in the near future.. We only seek money and our goal is not to damage your reputation or prevent your business from running. You will can send us 2-3 non-important files and we will decrypt it for free to prove we are able to give your files back. ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER: ########################################################################################### K2Wh8uHIdLr1Av4QcDfamBiCngE9sq70typSNVXb5jMeFTJYxwROzlZ6Gko3PUWcTpdbU9MF64AO1hDNlZNk9pwmvC7E6TwQ ########################################################################################### CONTACT US BY MAIL: pbdgja7el1@tutanota.com CONTACT US BY MAIL 2: Er60t1@proton.me IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
              Source: Yara match File source: 98ST13Qdiy.exe, type: SAMPLE
              Source: Yara match File source: 0.0.98ST13Qdiy.exe.730000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 0.2.98ST13Qdiy.exe.730000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000000.00000002.1876829701.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000000.1633756524.0000000000731000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000003.1875675549.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000003.1875675549.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000003.1708235011.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000003.1719080714.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000003.1875303206.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000003.1875303206.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.1876829701.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: 98ST13Qdiy.exe PID: 6824, type: MEMORYSTR
              Source: 98ST13Qdiy.exe, 00000000.00000003.1875675549.00000000009F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Your data are stolen and encrypteds
              Source: 98ST13Qdiy.exe, 00000000.00000003.1719080714.00000000009F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Your data are stolen and encrypted
              Source: 98ST13Qdiy.exe, 00000000.00000003.1708235011.00000000009F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Your data are stolen and encrypted
              Source: 98ST13Qdiy.exe, 00000000.00000002.1876829701.00000000009F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Your data are stolen and encrypteds
              Source: 98ST13Qdiy.exe, 00000000.00000003.1875303206.00000000009F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Your data are stolen and encrypteds
              Source: SPLB036.tmp.0.dr String found in binary or memory: Your data are stolen and encryptedFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File moved: C:\Users\user\Desktop\AIXACVYBSB\XZXHAVGRAG.pdf
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File moved: C:\Users\user\Desktop\AIXACVYBSB\AIXACVYBSB.docx
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File moved: C:\Users\user\Desktop\DVWHKMNFNN.xlsx
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File moved: C:\Users\user\Desktop\VLZDGUKUTZ.png
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File moved: C:\Users\user\Desktop\DTBZGIOOSO\WUTJSCBCFX.mp3
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File dropped: C:\wQbYPVKs0.README.txt -> decrypt it for free to prove we are able to give your files back. attention !!! this is your personal id wich you have to send in first letter: ########################################################################################### k2wh8uhidlr1av4qcdfambicnge9sq70typsnvxb5jmeftjyxwrozlz6gko3puwctpdbu9mf64ao1hdnlznk9pwmvc7e6twq ########################################################################################### contact us by mail: pbdgja7el1@tutanota.com contact us by mail 2: er60t1@proton.me if you don't contact us within 72 hours, price will be higher.
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File dropped: C:\Users\wQbYPVKs0.README.txt -> same note text as the first entry
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File dropped: C:\Users\user\wQbYPVKs0.README.txt -> same note text as the first entry
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File dropped: C:\Users\user\Videos\wQbYPVKs0.README.txt -> same note text as the first entry
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File dropped: C:\Users\user\Searches\wQbYPVKs0.README.txt -> same note text as the first entry
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File dropped: C:\Users\user\Documents\JSDNGYCOWY\wQbYPVKs0.README.txt -> same note text as the first entry
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File dropped: C:\Users\user\Documents\IPKGELNTQY\wQbYPVKs0.README.txt -> same note text as the first entry
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File dropped: C:\Users\user\Documents\HTAGVDFUIE\wQbYPVKs0.README.txt -> same note text as the first entry
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File dropped: C:\Users\user\Documents\GAOBCVIQIJ\wQbYPVKs0.README.txt -> same note text as the first entry
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File dropped: C:\Users\user\Documents\DTBZGIOOSO\wQbYPVKs0.README.txt -> same note text as the first entry
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\98ST13Qdiy.exe entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\AAAAAAAAAAAAAA (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\BBBBBBBBBBBBBB (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\CCCCCCCCCCCCCC (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\DDDDDDDDDDDDDD (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\EEEEEEEEEEEEEE (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\FFFFFFFFFFFFFF (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\GGGGGGGGGGGGGG (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\HHHHHHHHHHHHHH (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\IIIIIIIIIIIIII (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\JJJJJJJJJJJJJJ (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\KKKKKKKKKKKKKK (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\LLLLLLLLLLLLLL (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\MMMMMMMMMMMMMM (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\NNNNNNNNNNNNNN (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\OOOOOOOOOOOOOO (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\PPPPPPPPPPPPPP (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\QQQQQQQQQQQQQQ (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\RRRRRRRRRRRRRR (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\SSSSSSSSSSSSSS (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\TTTTTTTTTTTTTT (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\UUUUUUUUUUUUUU (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\VVVVVVVVVVVVVV (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\WWWWWWWWWWWWWW (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\XXXXXXXXXXXXXX (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\YYYYYYYYYYYYYY (copy) entropy: 7.99709779456
              Source: C:\ProgramData\ECC3.tmp File created: C:\Users\user\Desktop\ZZZZZZZZZZZZZZ (copy) entropy: 7.99709779456

              System Summary

              Source: 98ST13Qdiy.exe, type: SAMPLE Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 0.0.98ST13Qdiy.exe.730000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 0.2.98ST13Qdiy.exe.730000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 00000000.00000000.1633756524.0000000000731000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00739850 NtClose
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00740410 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtDuplicateObject,CreateNamedPipeW,ResumeThread,ConnectNamedPipe
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_0073E144 CreateThread,NtClose
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_0073B5D0 NtQueryInformationToken
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_0073DDD4 SetThreadPriority,ReadFile,WriteFile,WriteFile,NtClose
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00736654 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00737E28 NtQuerySystemInformation,Sleep
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_0073B690 NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00738F38 RtlAdjustPrivilege,NtSetInformationThread
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_0073DBBC NtTerminateProcess
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_007397A8 NtQuerySystemInformation
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_0073B390 NtSetInformationThread,NtClose
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00746F90 KiUserCallbackDispatcher,CreateThread,CreateThread,CreateThread,CreateThread,NtTerminateThread,CreateThread,CreateThread
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00737E73 NtQuerySystemInformation,Sleep
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00737E5A NtQuerySystemInformation,Sleep
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00738F36 RtlAdjustPrivilege,NtSetInformationThread
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_007397FA NtQuerySystemInformation
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_007397E1 NtQuerySystemInformation
              Source: C:\ProgramData\ECC3.tmp Code function: 5_2_00402760 CreateFileW,ReadFile,NtClose
              Source: C:\ProgramData\ECC3.tmp Code function: 5_2_0040286C NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess
              Source: C:\ProgramData\ECC3.tmp Code function: 5_2_00402F18 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW
              Source: C:\ProgramData\ECC3.tmp Code function: 5_2_00401DC2 NtProtectVirtualMemory
              Source: C:\ProgramData\ECC3.tmp Code function: 5_2_00401D94 NtSetInformationThread
              Source: C:\ProgramData\ECC3.tmp Code function: 5_2_004016B4 NtAllocateVirtualMemory,NtAllocateVirtualMemory
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_0073A65C: GetVolumeNameForVolumeMountPointW,FindFirstVolumeW,GetVolumePathNamesForVolumeNameW,GetDriveTypeW,CreateFileW,DeviceIoControl
              Source: C:\Windows\splwow64.exe File created: C:\Windows\system32\spool\PRINTERS\00002.SPL
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_007320BC
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00738088
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00734D13
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00734D18
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00735228
              Source: Joe Sandbox View Dropped File: C:\ProgramData\ECC3.tmp 917E115CC403E29B4388E0D175CBFAC3E7E40CA1742299FBDB353847DB2DE7C2
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Process token adjusted: Security
              Source: 98ST13Qdiy.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: 98ST13Qdiy.exe, type: SAMPLE Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 0.0.98ST13Qdiy.exe.730000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 0.2.98ST13Qdiy.exe.730000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 00000000.00000000.1633756524.0000000000731000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: ECC3.tmp.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: classification engine Classification label: mal100.rans.evad.winEXE@9/822@0/0
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File created: C:\Users\wQbYPVKs0.README.txt
              Source: C:\ProgramData\ECC3.tmp Mutant created: \Sessions\1\BaseNamedObjects\Global\{649F4E29-16CB-DD42-8922-9FFF0592856B}
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4944:120:WilError_03
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\d5cfe48e6034b18fb74e8523f757fade
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe File created: C:\Users\user\AppData\Local\Temp\SPLB036.tmp
              Source: C:\Windows\splwow64.exe File read: C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\SendToOneNote-manifest.ini
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: 98ST13Qdiy.exe Virustotal: Detection: 83%
              Source: 98ST13Qdiy.exe ReversingLabs: Detection: 86%
              Source: unknown Process created: C:\Users\user\Desktop\98ST13Qdiy.exe "C:\Users\user\Desktop\98ST13Qdiy.exe"
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Process created: C:\ProgramData\ECC3.tmp "C:\ProgramData\ECC3.tmp"
              Source: C:\ProgramData\ECC3.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\ECC3.tmp >> NUL
              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE /insertdoc "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\{11654E24-2203-4A9E-B419-2712D31E0D54}.xps" 133594708232220000
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: samcli.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: logoncli.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: activeds.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: adsldpc.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: wsock32.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: gpedit.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: dssec.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: dsuiext.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: framedynos.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: dsrole.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: ntdsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: authz.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: adsldp.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: mscms.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: coloradapterclient.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeSection loaded: wldp.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: apphelp.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: slc.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\ProgramData\ECC3.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}\InprocServer32Jump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile written: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.iniJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
              Source: 98ST13Qdiy.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: 98ST13Qdiy.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: ECC3.tmp.0.drStatic PE information: real checksum: 0x8fd0 should be: 0x4f26
              Source: 98ST13Qdiy.exeStatic PE information: real checksum: 0x30a15 should be: 0x2ecfb
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_0073357B push 0000006Ah; retf 0_2_00733654
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_007335E3 push 0000006Ah; retf 0_2_00733654
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_007335E5 push 0000006Ah; retf 0_2_00733654
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_0073619D pushfd ; iretd 0_2_0073619E
              Source: ECC3.tmp.0.drStatic PE information: section name: .text entropy: 7.985216639497568
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\ProgramData\ECC3.tmpJump to dropped file
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Videos\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Searches\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Saved Games\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Recent\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Pictures\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Pictures\Saved Pictures\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Pictures\Camera Roll\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\OneDrive\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Music\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Links\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Favorites\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Favorites\Links\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Downloads\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Documents\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Documents\WKXEWIOTXI\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Documents\VLZDGUKUTZ\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Documents\SQRKHNBNYN\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Documents\ONBQCLYSPU\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Documents\NIKHQAIQAU\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Documents\KATAXZVCPS\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Documents\JSDNGYCOWY\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Documents\IPKGELNTQY\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Documents\HTAGVDFUIE\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Documents\GAOBCVIQIJ\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Documents\DTBZGIOOSO\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Documents\AIXACVYBSB\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Desktop\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Desktop\ZBEDCJPBEY\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Desktop\WKXEWIOTXI\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Desktop\VLZDGUKUTZ\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Desktop\SQRKHNBNYN\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Desktop\ONBQCLYSPU\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Desktop\KZWFNRXYKI\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Desktop\KATAXZVCPS\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Desktop\IPKGELNTQY\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Desktop\HTAGVDFUIE\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Desktop\GAOBCVIQIJ\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Desktop\DTBZGIOOSO\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Desktop\AIXACVYBSB\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\Contacts\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\3D Objects\wQbYPVKs0.README.txtJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeFile created: C:\Users\user\.ms-ad\wQbYPVKs0.README.txtJump to behavior

              Hooking and other Techniques for Hiding and Protection

              Source: C:\ProgramData\ECC3.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\ECC3.tmp >> NUL
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_00739198 RegCreateKeyExW,RegEnumKeyW,RegCreateKeyExW,RegSetValueExW,RegSetValueExW,OpenEventLogW,ClearEventLogW,RegCreateKeyExW,RegEnumKeyW,OpenEventLogW,ClearEventLogW,0_2_00739198
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\ProgramData\ECC3.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\ProgramData\ECC3.tmpProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_007310D4 0_2_007310D4
              Source: C:\ProgramData\ECC3.tmpCode function: 5_2_00401E28 5_2_00401E28
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_007310D4 rdtsc 0_2_007310D4
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_0073A064 FindFirstFileExW,FindClose,0_2_0073A064
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_00735C34 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_00735C34
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_0073748C FindFirstFileExW,FindNextFileW,0_2_0073748C
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_00737560 FindFirstFileExW,FindClose,0_2_00737560
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_0073F264 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_0073F264
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_0073763C FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_0073763C
              Source: C:\ProgramData\ECC3.tmpCode function: 5_2_0040227C FindFirstFileExW,5_2_0040227C
              Source: C:\ProgramData\ECC3.tmpCode function: 5_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,5_2_0040152C
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_0073A440 GetLogicalDriveStringsW,0_2_0073A440
              Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
              Source: 98ST13Qdiy.exe, 00000000.00000003.1719080714.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, 98ST13Qdiy.exe, 00000000.00000003.1708235011.00000000009F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Microsoft-Windows-Hyper-V-Hypervisor-Operational
              Source: ECC3.tmp, 00000005.00000002.1883197695.00000000005E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&22
              Source: 98ST13Qdiy.exe, 00000000.00000002.1876639675.00000000009B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Microsoft-Windows-Hyper-V-VID-Analytic
              Source: 98ST13Qdiy.exe, 00000000.00000003.1672736406.00000000009C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeProcess information queried: ProcessInformationJump to behavior

              Anti Debugging

              Source: C:\ProgramData\ECC3.tmpThread information set: HideFromDebuggerJump to behavior
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_007310D4 rdtsc 0_2_007310D4
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeCode function: 0_2_00735A30 LdrLoadDll,0_2_00735A30
              Source: C:\Users\user\Desktop\98ST13Qdiy.exeProcess token adjusted: DebugJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Memory written: C:\ProgramData\ECC3.tmp base: 401000
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Process created: C:\ProgramData\ECC3.tmp "C:\ProgramData\ECC3.tmp"
              Source: C:\ProgramData\ECC3.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\ECC3.tmp >> NUL
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_007310D4 cpuid 0_2_007310D4
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: EntryPoint,ExitProcess,GetFileAttributesW,GetLastError,FreeLibrary,GetCommandLineA,GetModuleHandleA,GetLocaleInfoW,GetCommandLineW,GetProcAddress,GetLastError,GetLastError,FreeLibrary,CreateDialogParamW,LoadImageW,CreateWindowExW,LoadImageW,LoadMenuW,DefWindowProcW,LoadMenuW,IsDlgButtonChecked,GetDlgItem,LoadImageW,CreateDIBitmap,GetDeviceCaps,SelectObject,CreateFontW,GetPixel,GetDeviceCaps,SetPixel,BitBlt,SelectPalette,GetTextColor,GetTextColor,CreateFontW,CreateSolidBrush,0_2_0074946F
              Source: C:\ProgramData\ECC3.tmp Code function: EntryPoint,ExitProcess,GetModuleHandleW,GetCommandLineW,GetModuleHandleA,GetCommandLineW,GetLocaleInfoW,GetLastError,FreeLibrary,FreeLibrary,GetProcAddress,CreateWindowExW,DefWindowProcW,GetWindowTextW,LoadMenuW,LoadMenuW,DefWindowProcW,SetTextColor,GetTextCharset,TextOutW,SetTextColor,GetTextColor,CreateFontW,GetTextColor,CreateDIBitmap,SelectObject,GetTextColor,CreateFontW,5_2_00403983
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Code function: 0_2_00740410 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtDuplicateObject,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,0_2_00740410
              Source: C:\Users\user\Desktop\98ST13Qdiy.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
              | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 112 Process Injection | 11 Masquerading | OS Credential Dumping | 311 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 2 Data Encrypted for Impact |
              | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Proxy | Exfiltration Over Bluetooth | Network Denial of Service |
              | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 112 Process Injection | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
              | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 4 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
              | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 123 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
              | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Indicator Removal | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
              | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
              | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
              [Behavior graph. ID: 1436725; Sample: 98ST13Qdiy.exe; Start date: 06/05/2024; Architecture: WINDOWS; Score: 100]

              | Source | Detection | Scanner | Label |
              | 98ST13Qdiy.exe | 83% | Virustotal | |
              | 98ST13Qdiy.exe | 87% | ReversingLabs | Win32.Ransomware.Lockbit |
              | 98ST13Qdiy.exe | 100% | Avira | BDS/ZeroAccess.Gen7 |
              | 98ST13Qdiy.exe | 100% | Joe Sandbox ML | |
              | C:\ProgramData\ECC3.tmp | 100% | Avira | TR/Crypt.ZPACK.Gen |
              | C:\ProgramData\ECC3.tmp | 100% | Joe Sandbox ML | |
              | C:\ProgramData\ECC3.tmp | 83% | ReversingLabs | Win32.Trojan.Malgent |
              | C:\ProgramData\ECC3.tmp | 83% | Virustotal | |

              No Antivirus matches
              No contacted domains info
                                                                                                                    high
                                                                                                                    https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks4016EC53-5F69-4CF7-8604-A2019113C58F.8.drfalse
                                                                                                                      high
                                                                                                                      https://templatesmetadata.office.net/4016EC53-5F69-4CF7-8604-A2019113C58F.8.drfalse
                                                                                                                        high
                                                                                                                        https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios4016EC53-5F69-4CF7-8604-A2019113C58F.8.drfalse
                                                                                                                          high
                                                                                                                          https://messaging.lifecycle.office.com/4016EC53-5F69-4CF7-8604-A2019113C58F.8.drfalse
                                                                                                                            high
                                                                                                                            https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml4016EC53-5F69-4CF7-8604-A2019113C58F.8.drfalse
                                                                                                                              high
                                                                                                                              https://pushchannel.1drv.ms4016EC53-5F69-4CF7-8604-A2019113C58F.8.drfalse
                                                                                                                                high
                                                                                                                                https://management.azure.com4016EC53-5F69-4CF7-8604-A2019113C58F.8.drfalse
                                                                                                                                  high
                                                                                                                                  https://outlook.office365.com4016EC53-5F69-4CF7-8604-A2019113C58F.8.drfalse
                                                                                                                                    high
                                                                                                                                    http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionP98ST13Qdiy.exe, 00000000.00000003.1875675549.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, 98ST13Qdiy.exe, 00000000.00000002.1876829701.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, 98ST13Qdiy.exe, 00000000.00000003.1875303206.00000000009F7000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                                No contacted IP infos
                                                                                                                                                Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                Analysis ID:1436725
                                                                                                                                                Start date and time:2024-05-06 14:06:08 +02:00
                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                Overall analysis duration:0h 5m 38s
                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                Report type:full
                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                Number of analysed new started processes analysed:17
                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                Technologies:
                                                                                                                                                • HCA enabled
                                                                                                                                                • EGA enabled
                                                                                                                                                • AMSI enabled
                                                                                                                                                Analysis Mode:default
                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                Sample name:98ST13Qdiy.exe
                                                                                                                                                renamed because original name is a hash value
                                                                                                                                                Original Sample Name:cd727c8fc0303b9a77641cc43061fa6ae9de3a0af40fd525c4a745c1dcdd5965.exe
                                                                                                                                                Detection:MAL
                                                                                                                                                Classification:mal100.rans.evad.winEXE@9/822@0/0
                                                                                                                                                EGA Information:
                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                HCA Information:
                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                • Number of executed functions: 75
                                                                                                                                                • Number of non-executed functions: 6
                                                                                                                                                Cookbook Comments:
                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, printfilterpipelinesvc.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.113.194.132, 52.109.16.112, 52.182.143.208
                                                                                                                                                • Excluded domains from analysis (whitelisted): ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, weu-azsc-config.officeapps.live.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, osiprod-ncus-buff-azsc-000.northcentralus.cloudapp.azure.com, ncus-azsc-000.roaming.officeapps.live.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, us1.roaming1.live.com.akadns.net, ocsp.digicert.com, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, onedscolprdcus04.centralus.cloudapp.azure.com, europe.configsvc1.live.com.akadns.net
                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
14:07:02 | API Interceptor | 128x Sleep call for process: splwow64.exe modified
                                                                                                                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\ProgramData\ECC3.tmp | Document.doc.scr.exe | malicious | LockBit ransomware, TrojanRansom
 | Rcqcps3y45.exe | malicious | LockBit ransomware
 | LBB.exe | malicious | LockBit ransomware
 | lockbit_unpacked.exe | malicious | LockBit ransomware
 | maXk5kqpyK.exe | malicious | LockBit ransomware
 | maXk5kqpyK.exe | malicious | LockBit ransomware
 | abc.exe | malicious | LockBit ransomware
 | 55Seo_SeungJoon44.docx | malicious | LockBit ransomware
 | 55VpD64eOy.exe | malicious | LockBit ransomware
 | 0rzZX3x868.docx | malicious | LockBit ransomware
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):129
                                                                                                                                                                    Entropy (8bit):6.485844018905281
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:cdCNoth8qB/cnFiZVzHzdJ1D3lfFvMLJ33n:cdCNMSF0VzTdP3VFvE33n
                                                                                                                                                                    MD5:644335B4C6170B847D87D90F9479EE8A
                                                                                                                                                                    SHA1:7DED1BF580AE9990F704BE5E1EBBF2AEA17D18DC
                                                                                                                                                                    SHA-256:71C4CB798E1DE34416EBF37028B0069C51CC9EBFB4EB0AC7E7817337300D43C6
                                                                                                                                                                    SHA-512:583344459823FBA6448E80306DF292FD9671962049C04C9976FD9FB58BC1FA1D7E449EB5AAEB00B68FC4BC24E104404E411514B6FD45739DEDB69FBFE38CB4B1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Reputation:low
                                                                                                                                                                    Preview:. A..M..2.h...P...Mh.....Qc..@.x....y.+ObN.......O>4....A...+....C...e....3..oKi..|.D.~y.W..t...:.>. '.Bff..Yh.w...N.m..K...[~.
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):129
                                                                                                                                                                    Entropy (8bit):6.495496053772233
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:0X+troAiJgfNmikAq24NrugUivoODXAak7LYn:0Xa8jINVEdrusv5k7k
                                                                                                                                                                    MD5:BC0EE7934511A4D24700C7819C377963
                                                                                                                                                                    SHA1:422C31DEED0C8B57984DBB10B1E09DF62DE4B9AD
                                                                                                                                                                    SHA-256:12B5602A06105F7DDF9E0A6837241A22D4813DB4912D57E63B012DB900539C80
                                                                                                                                                                    SHA-512:5C49D64AACE37B457C96FE4203FFB2DBAFA8C61621AF5F3D6E31D60A6450D2AE080420A251C1CD92BE7085CCA58293123CFDB48F1C5FCDD248D8C2686AB75436
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:....\..7....dw.......M.4..a,.....|.hda..G....1S........k*N."....,+.a.....N.......]...E..%.......ED........n.#.W.e??...l
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):129
                                                                                                                                                                    Entropy (8bit):6.495496053772233
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:0X+troAiJgfNmikAq24NrugUivoODXAak7LYn:0Xa8jINVEdrusv5k7k
                                                                                                                                                                    MD5:BC0EE7934511A4D24700C7819C377963
                                                                                                                                                                    SHA1:422C31DEED0C8B57984DBB10B1E09DF62DE4B9AD
                                                                                                                                                                    SHA-256:12B5602A06105F7DDF9E0A6837241A22D4813DB4912D57E63B012DB900539C80
                                                                                                                                                                    SHA-512:5C49D64AACE37B457C96FE4203FFB2DBAFA8C61621AF5F3D6E31D60A6450D2AE080420A251C1CD92BE7085CCA58293123CFDB48F1C5FCDD248D8C2686AB75436
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:....\..7....dw.......M.4..a,.....|.hda..G....1S........k*N."....,+.a.....N.......]...E..%.......ED........n.#.W.e??...l
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):129
                                                                                                                                                                    Entropy (8bit):6.58091892205637
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:XpRLepE5duwRTzHYEk27c5v28uR/15Lt7yNwesW5mY:vLeq5duwRTDYEkO8e/159yNBj5mY
                                                                                                                                                                    MD5:EA5F946C9D68043DCE04F772ABCC12D6
                                                                                                                                                                    SHA1:F2281BB49FDFA59BDF83551CF7557E4E524BD28D
                                                                                                                                                                    SHA-256:42F572D9C84F70227B7D929AE3E6ABCB1D01C117A5925C09E9FF66DFF8C7913D
                                                                                                                                                                    SHA-512:91F9F8C0BAAA97FD7EE04DCCC4E2D4822BF1C1B8AF2CF1E6F42A949C717DD54CBD55B9A0472A00FF242330E987ACE99C775404A8A6AA636BC4F6124A631B7BAF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.(.+.....t.=.x.#...|.m.C.l.X........Zv..kS.<...$...J..95d.i.W....]|.........`.} J...O..C[.Z....ut(.q.h."|..X3....P..m8..DU..
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):129
                                                                                                                                                                    Entropy (8bit):6.58091892205637
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:XpRLepE5duwRTzHYEk27c5v28uR/15Lt7yNwesW5mY:vLeq5duwRTDYEkO8e/159yNBj5mY
                                                                                                                                                                    MD5:EA5F946C9D68043DCE04F772ABCC12D6
                                                                                                                                                                    SHA1:F2281BB49FDFA59BDF83551CF7557E4E524BD28D
                                                                                                                                                                    SHA-256:42F572D9C84F70227B7D929AE3E6ABCB1D01C117A5925C09E9FF66DFF8C7913D
                                                                                                                                                                    SHA-512:91F9F8C0BAAA97FD7EE04DCCC4E2D4822BF1C1B8AF2CF1E6F42A949C717DD54CBD55B9A0472A00FF242330E987ACE99C775404A8A6AA636BC4F6124A631B7BAF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.(.+.....t.=.x.#...|.m.C.l.X........Zv..kS.<...$...J..95d.i.W....]|.........`.} J...O..C[.Z....ut(.q.h."|..X3....P..m8..DU..
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):14336
                                                                                                                                                                    Entropy (8bit):7.4998500975364095
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:5cFP7VtpK4p+31Mzh79W5vM+ZyUgGq4BtMvAxXCRsi:A7Vf9p+qQ02y5HW6kX
                                                                                                                                                                    MD5:294E9F64CB1642DD89229FFF0592856B
                                                                                                                                                                    SHA1:97B148C27F3DA29BA7B18D6AEE8A0DB9102F47C9
                                                                                                                                                                    SHA-256:917E115CC403E29B4388E0D175CBFAC3E7E40CA1742299FBDB353847DB2DE7C2
                                                                                                                                                                    SHA-512:B87D531890BF1577B9B4AF41DDDB2CDBBFA164CF197BD5987DF3A3075983645A3ACBA443E289B7BFD338422978A104F55298FBFE346872DE0895BDE44ADC89CF
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                                                    • Antivirus: Virustotal, Detection: 83%
                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                    • Filename: Document.doc.scr.exe, Detection: malicious
                                                                                                                                                                    • Filename: Rcqcps3y45.exe, Detection: malicious
                                                                                                                                                                    • Filename: LBB.exe, Detection: malicious
                                                                                                                                                                    • Filename: lockbit_unpacked.exe, Detection: malicious
                                                                                                                                                                    • Filename: maXk5kqpyK.exe, Detection: malicious
                                                                                                                                                                    • Filename: abc.exe, Detection: malicious
                                                                                                                                                                    • Filename: 55Seo_SeungJoon44.docx, Detection: malicious
                                                                                                                                                                    • Filename: 55VpD64eOy.exe, Detection: malicious
                                                                                                                                                                    • Filename: 0rzZX3x868.docx, Detection: malicious
                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....YPb.................,...........9.......@....@..........................p.......................@......................A..P....`...............................@......................`@.......................@..`............................text....*.......,.................. ..`.rdata.......@.......0..............@..@.data...`....P.......4..............@....rsrc........`.......6..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):239
                                                                                                                                                                    Entropy (8bit):7.020771148812949
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:ACHhQv+zr2051yGy0u+J0wGBY2UeSCL18FRdkctPqW7GTeDsn:AEU+32051mM/a/S7dkctyWFsn
                                                                                                                                                                    MD5:84273A6816016344358A540E68731540
                                                                                                                                                                    SHA1:5232DBA7258A38DC43395D249C1BFB7E58CE7C66
                                                                                                                                                                    SHA-256:D432BCD02183A7F222BA17F05923FBE9FCC7225CC4C7BF03E8594AA94CF896F3
                                                                                                                                                                    SHA-512:15049C5656468E6CE15C4DE9C307CDBD610B37C11027FBC8260C838F075175D1BF526E82E8E687F9EE55BD61E512F127746D5412F05594F667E501DADD1C9FA9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):166208
                                                                                                                                                                    Entropy (8bit):5.340930108008871
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:G+C7FPgOsB3U9guwwJQ9DQA+zqzhQik4F77nXmvYd8XRTEwreOR6Y:zIQ9DQA+zqzMXeMT
                                                                                                                                                                    MD5:DB813C33C37F5562CC20992AEE4973F8
                                                                                                                                                                    SHA1:ECC29F3F34514DD11A0E4B2C73C98D442B57157F
                                                                                                                                                                    SHA-256:9A97DD9887474D4C08A25A9B1709932C29FC620A8E33AB2A02FE8A9BC0C61A49
                                                                                                                                                                    SHA-512:FCD7E6854BA1EF1B92FD5A1338B2DBC7663A10AEF6F02885BEFE967B1196AE18851ABEDBB669145B91C1602C81B6493E2ED1DD9AF2B3AC147F5754364E1AF9C8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-05-06T12:07:28">.. Build: 16.0.17629.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuth
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):0.09216609452072291
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                                                                                                                                                                    MD5:F138A66469C10D5761C6CBB36F2163C3
                                                                                                                                                                    SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                                                                                                                                                    SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                                                                                                                                                    SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:SQLite Rollback Journal
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4616
                                                                                                                                                                    Entropy (8bit):0.1370048545379396
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:7FEG2l+6ol+lll/FllkpMRgSWbNFl/sl+ltlslVlllfll64:7+/l3oEBg9bNFlEs1EP/q4
                                                                                                                                                                    MD5:4D8BA52CA44B62B0AC0F67EF144A31BF
                                                                                                                                                                    SHA1:082FD32487EF4522BE1E1F1F0FA69B741AE6FB68
                                                                                                                                                                    SHA-256:2A1AA40A9E8FBF341D03C62B4F4EE476863F9BF53C520C5292BA54454791C50A
                                                                                                                                                                    SHA-512:D070DB064140F372048E9C3504C4269C49C5F7C26C6679199340E9625399BD684CB4467E674E267F570F2B753699B72EE57EBF6456D6BF457595157D9DBA9AE3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                    Entropy (8bit):0.04482848510499482
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:G4l2dh81fCb+tnTWll4l2dh81fCb+tnT+lL9//Xlvlll1lllwlvlllglbXdbllAC:G4l2AtVW/4l2AtVaL9XXPH4l942U
                                                                                                                                                                    MD5:FC60B7AED23D62FA129D211098D46B95
                                                                                                                                                                    SHA1:BCECB94D27E9200CA804CDBF285C9765E1FE652C
                                                                                                                                                                    SHA-256:D0376802B170AAB6E7C60309FE5F57C254F7A7FCF7A6FB5A77DC40A9F22E60D0
                                                                                                                                                                    SHA-512:A24A4075B875E67842EF1AFECB990B4A94A8692F0FC52A675B1B6D3A6F2A1404741EDFB274AFB4EC23C6A23621C1479E3FD9C7DE29B330502EFBD803F6C5C542
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):45352
                                                                                                                                                                    Entropy (8bit):0.39464317958500683
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:KdLCtQ3zRDID11sUll7DBtDi4kZERDk9zqt8VtbDBtDi4kZERDF:ALCQ1UD11sUll7DYMQ9zO8VFDYMZ
                                                                                                                                                                    MD5:E65ADF7BFFDCA57F2DC009C80FAC6868
                                                                                                                                                                    SHA1:9348C294CBBEF5F7AD30641AB8F3D48B31B2372F
                                                                                                                                                                    SHA-256:D82D64FA52EB8E8FA84C832245D2DD5468A437A9BE7A53AC4FA47B108F80C2A8
                                                                                                                                                                    SHA-512:3268C570911ED5361755895D123EDC6F21F14CCAE1CFA61B3E0F3855147637917169C48B82F40B4304822765F0F30A7293532D152A254FC05A1002E3CA3F4F5A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):49152
                                                                                                                                                                    Entropy (8bit):4.898194985386174
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:J+ZCXoPo+UXO3FGijnTeY25ueMEukDtIyFkqdn8cQ:J+ZCXoQ+UXO3FGijnTe3cENhXnrQ
                                                                                                                                                                    MD5:415FA9AB643EC9E1C85F945E464182D9
                                                                                                                                                                    SHA1:1692284A421F93BC99C3FCFF1E46F01549C78C0F
                                                                                                                                                                    SHA-256:1BCAD9D22CD0498ABC2CFBC97BEDFB97831D39FECE90CBEBE5F5F948CF07A5CE
                                                                                                                                                                    SHA-512:1C7D155AEFEB0C5F178DE5CB2EED0AAB1C1595C5B45F7780C96A46532EA8B935E3DE13F7452333188A5BEF2C0F20B1738B8779C9ABAAFD1B2B26D6E2911CBDED
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):0.04401584019170665
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:RRk//:Lk
                                                                                                                                                                    MD5:CD74ABACE8A00B17BD8107BC5982C21E
                                                                                                                                                                    SHA1:D53193CF8A43D766FBFA52976192F44D6B0F79B2
                                                                                                                                                                    SHA-256:B670BC07C9CB554511180DCF3F6A2C7818E8CE6E67B84784F0EA4D35EC61D516
                                                                                                                                                                    SHA-512:1B48A37FCF0F9FB9ED9B31A8F3E36596689BF1EEC6F41F5EFA3C728121944919CE7A81F0379A108D80AA051CFEF07DC296F9C0691FC8855983B2F29EC15C7FEF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):0.49435191318762917
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:NTcUvBnHLcBBpAul/GwJBm1jBX1Mxlcw1EV5fKBX1M/lK:Vc8UAV+mEcQETfp0
                                                                                                                                                                    MD5:88C8E1EDE05F696A5454B7D9FEB35164
                                                                                                                                                                    SHA1:B57634DD795C9C45F4CE7F3BA7BE0271A12D1F2A
                                                                                                                                                                    SHA-256:8DB48C4AAA37F069C1F9420E7BDD8B0060F427B235CAA6AEF114BCB945DC8007
                                                                                                                                                                    SHA-512:69FD9F64FD075CC89C28AEA50DB1FC147586CCD9146FBBA81D4117E55C77E8DC2603D0390AF42A385BA9C92C3C6578C1D9EB05D126F94D009CFC3D8A3E2F7D2E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):2.859548322456929
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:c9qidq5v+OVHfxz3LPExyw0LaEsrBlkw0LJQNw7asECLeNi8hwEwLwzjul6u:g94NHfxjzExyLigL+NwasECGiFEwoA6
                                                                                                                                                                    MD5:9B1A6F36E1F59FFD37AB00DDCAF7717C
                                                                                                                                                                    SHA1:900F8F571240BAE292D4A99CB3B86AC238CF4A10
                                                                                                                                                                    SHA-256:6BE9B895E05FC6836D1095437881E2E94A7F46A61D202E2B7927CFDF9F28B5B7
                                                                                                                                                                    SHA-512:68DDED662698E690E3A960DDB48741FD93E10915141FBC3142A65D887C72A81EDD469562EBE8979022E8688844C154E6C8F7B2883EC30A1A4160B4D6AD8A3FD9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):4.7563983328261
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:XsTalUMBQ8EMXgj7gcRiwcfkLmbgLtFM9oO0Eq:c4e8EOgj0cRix0tFQoO0E
                                                                                                                                                                    MD5:2C624E70AB815A29E8B6743FB5F2F8FD
                                                                                                                                                                    SHA1:D7A83E3CD5FF4FD4E2980D418D6EFD90F26797FA
                                                                                                                                                                    SHA-256:6EFBC3920B17E4CB73AFE4A5B6867987758466E869C726C25CCE9AF32C95B55E
                                                                                                                                                                    SHA-512:C72A7BE8501B7E627DAA322A65B15BC589B15358579036A848147869CAA087E180F37AC4900625CAAEE42CDAE442A25D478A0A9D85FF2520659FDD9F1D3C1E4E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):40884
                                                                                                                                                                    Entropy (8bit):7.545929039957292
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                    MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                    SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                    SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                    SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):4.414832959313762
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:PsFy95+wVYlCcNj8LWcl8c/8gPNrKR1/GZmXxAPrRkjBeGKNOG+m9DkTGMq:EEBV1ct4WclHfPNI1/1xATRkjYGKjR1
                                                                                                                                                                    MD5:CEC57335C1C6B0A9F6FBA4B4646A7AEC
                                                                                                                                                                    SHA1:EC23F40B45D200437B48D466E281C753AD47B577
                                                                                                                                                                    SHA-256:E44E4D5697C700DE0821271D22BEB6B733E99DB74700DCA9B96A1164402B3AB1
                                                                                                                                                                    SHA-512:80EA4376BC33EC1E2ACA13BFBE3CDC1D48D162E7D463D93828E9F1FFE0D1AF5FFDD744118FE76EAF3B406710FF1C4D085DC653163E9ADBEEB26C5B55F780623F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):24268
                                                                                                                                                                    Entropy (8bit):6.946124661664625
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                    MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                    SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                    SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                    SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):4.6667550912905815
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:DU2s5QIjCeZUxBi9Ko2EOhjPiIOWkJ1/gJrT+g3SNOX9XNVRpzRUEWmlViDBM05w:DUTeiCeZ+zEMj6I47/zBg9XDRpu6VA6H
                                                                                                                                                                    MD5:D0A86E466D598074317F025CF512E326
                                                                                                                                                                    SHA1:E664C3323C7D74004B20E0B3FC443608D22FB3A8
                                                                                                                                                                    SHA-256:957296758BC1006E9F3E5E953E8302E6798F2CD5523716078449FB620ABDBB5D
                                                                                                                                                                    SHA-512:5B6DF6EC1F41A9A84EDE913F1B7852C941A6265F50FFD9AB83A590B47143C3C03B9B70DA0497DE004FE5CAE25E52298BB8683CD706DE610C740B67AAD92221A0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):39010
                                                                                                                                                                    Entropy (8bit):7.362726513389497
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                    MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                    SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                    SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                    SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):3.916520457794656
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:zjsyIkw9L169cCi6WSq46HqSReYLcs60R6fdxzkBcWq83wt/cj6ozcYncmB6Mqpn:zYyIksLbC0j2SReRvkWvWwtkFQf1O4
                                                                                                                                                                    MD5:24E64819F816C0CC739CC951290083A2
                                                                                                                                                                    SHA1:D8AEFA9F8B81173AD9FA97E157843A5BF797F0E9
                                                                                                                                                                    SHA-256:B40B236344F04B0D7D59EBBC4A908E115104BD83CB13ACDC61ABF91C26B498B8
                                                                                                                                                                    SHA-512:FD2C7FE2C755FAC534195F2238FDE2042116B91D8A98F9D97A88B0796C5034D8EA5DD863B7754A0C397C3F08B267FDB44CC38F3CFF8D521E4FBA9FC2800965AA
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):59707
                                                                                                                                                                    Entropy (8bit):7.858445368171059
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                                                                                                                                    MD5:47ADB0DF6FDA756920225A099B722322
                                                                                                                                                                    SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                                                                                                                                    SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                                                                                                                                    SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):3.859691557142926
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:4s5OWiHtxzwOao1eXFtRl0gXCKBy3W9feMBk38:tIDvao1QFtRlvChGfJ
                                                                                                                                                                    MD5:CEA1D6167EEE508BB892FC5852985714
                                                                                                                                                                    SHA1:270A6EB287148D91B06465950D86B88ABBBD26D5
                                                                                                                                                                    SHA-256:76413C0D38C946C394C3F3F6425AC13072420E5A518781530EC2CAC96989D694
                                                                                                                                                                    SHA-512:4B968E0CCC7F0F32AB2CA6AC1766635CEE2C314877CDDC211AED9B18EAD6BB25482BC1B300638170056ACC572238AA987B1ABAA3D1F30A6E6D40FD02385AE54F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):27862
                                                                                                                                                                    Entropy (8bit):7.238903610770013
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                    MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                    SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                    SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                    SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                    Entropy (8bit):5.3676101163451975
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:vGKT99L2bzvfgYB8xUBxIkn7fCAQsbeAifYkQGlkjP5g8izDHTZdo4UyEDGF/DXS:v/PtY6YIczXRuJ7C
                                                                                                                                                                    MD5:EB44AE95E880F1FAEEE1F6F587292B81
                                                                                                                                                                    SHA1:E55EBB1386EDDBAFF245D21AC4F7DB782EE3D059
                                                                                                                                                                    SHA-256:964B7DE2EC6E9BAD38A12E5547E571CA645D383E4F91B60A8083BB657B90D26E
                                                                                                                                                                    SHA-512:B7256B838A23063BD80FAC4596D89F0A945B6D168C0DE7D4A3B42E835F731D8809AA568D6D169E092C1BEC8F6E89329541612B8C294CA27F60781D4CD7BDC473
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.064674492062062
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:MskGqGGGGHcF/sEau2X+9caTPRLAOGGGssGJGrGG:MsUHcZJau2X+9trRLA
                                                                                                                                                                    MD5:B706A3C6D0ADEDF38F19DE364C7BDA2A
                                                                                                                                                                    SHA1:66E47E1A6CAF529DD39751702899599A4748B8EF
                                                                                                                                                                    SHA-256:37A4F51893CFD0AC7843C3D63F9467F80DA458E3466A6056939CF3ACAA7A7FF1
                                                                                                                                                                    SHA-512:4FAB7333515E33ACD4B1D3B8B0FB2969A1FE90E40572138B888ADECE04E8EA5173A4E9B834938F41A3CA8AD3BEB75D2751466087C6625D8FCDEC012AD6FD915E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.120455743378255
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:FsUBt6/A+kEEIX89HaVTxRya6rBABt0BMMBbBABo0B5B1:Fsct6/uRIX896VVRya61YmMUFYHj1
                                                                                                                                                                    MD5:9B8E1C66561A336E2AD7BBB4D86C1B52
                                                                                                                                                                    SHA1:A3617966FF9FCF138526310520E127519C5D66BD
                                                                                                                                                                    SHA-256:665B16E6CE6BD18247E01EEC3699EE24BE11409931EF9BFD8DD4E1532B7B4812
                                                                                                                                                                    SHA-512:6D1FA0CD3CA09AA6C1E459B177F0A20A8F3DF651C3DBD56F8501D877FDB35DDA8DF474A5A0FE163D3C2078ECB0FFEB26DFD5A18D4E2810AAD5C4A40AA45AC822
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.074697881619742
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:9sri4Jankt/Ja+7E3pDqX5q9dyDtToErd6r7IBdXvXLpIg:9synkZx7E3ZqX5q9wDtTVRiCPI
                                                                                                                                                                    MD5:F5B6E145B1F0A2641155D09DB7A7EA38
                                                                                                                                                                    SHA1:F0E0BA84C34D860B0685E2BEF954F15DF8E24F66
                                                                                                                                                                    SHA-256:86A026DA8F99391AF62CE18F24F019FBFBF8DA5D5DC1CB3648D601C9E6E68839
                                                                                                                                                                    SHA-512:FCE2A426202589358B7076C7D4E399FCCAD560F1E1CF29021C760B7A441F5B2498ABFD29804C7C43D7127C9F8BF91F5511A8FCE8084BDEE29D53A31D9735C399
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.0770943919494265
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:3c2s5avG9xxUTtdE30ElXBXWnjB93etnTo89rdnrQIzdXN2qPJkT3FqrvPog:3c2svxxUTXfEFBXoB9UnTLRrd1I
                                                                                                                                                                    MD5:71502013889D323B3D75E05C6894AE76
                                                                                                                                                                    SHA1:F90FA8F03D427D8FB7AE680A3F272C0AB2D23D84
                                                                                                                                                                    SHA-256:41F4E64411CC9E5A3F0B7E9EA3F2C7937CA998FC9D41C236E6A73647B4EB92B9
                                                                                                                                                                    SHA-512:1DF45DA3F2150A446AF6D5E0E434C32C51921D035F19AB8FDEC72EE85F4C5D10E8BE117AB1D1054C2B8F83C99FA2114F0DA122A14C22303CEF75B39F940BD01D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.074789627853398
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:ts53dhwoTEHOXo9a72TMRy34G2dEtjcaWRGYlKP7:ts53dhw/HOXo9a72oRy30dEpca
                                                                                                                                                                    MD5:C953BAA3802218BC0DA48804FADBADF3
                                                                                                                                                                    SHA1:D42BBC329EFCE3A1EA7876E5CE7B0D684993EBF0
                                                                                                                                                                    SHA-256:FD3A66B107654B963A1EDFC7206DCCAED72045C52F8A6818DFCFC55CDFAD1F39
                                                                                                                                                                    SHA-512:C1AD6F7D5BB3A2C3CC9ADC83117CC731506B3178AD58CC94ED13D9666A12EF0C9EB915A3F1DA478957CF614877016D0D5344CFEEAED2BD2598E0CDC9D6A6D241
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.066210469216517
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:esAAji3CyEGXk9lqX6QT50RP0J0UCS90FVj:esAAjiSfGXk9w6QSRP0J0UCS90Tj
                                                                                                                                                                    MD5:3718A9DF1685B0B3F46CFF9F8900742B
                                                                                                                                                                    SHA1:F997118C65209B677305B58B0ED99EDA4714FE56
                                                                                                                                                                    SHA-256:074005B6B64AC6DE45F757A4DA01013BD7C92DC88C7DEE78EC81857BB60B21B9
                                                                                                                                                                    SHA-512:1FEFFC3DA7EE2224C87FEB8EFBC1B1CD9250A9ACECA96C1FA4DF592215ED741751C8F3274B8A123EAD2B178DE216F7BCED4A6142CB32509ED31EB161FD91E853
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.054646094305616
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:22WsdGCgvZOQLEYXXM9/pZTFR2aHCtaVzt:ysSvQQIYXXM9/pZJR2a
                                                                                                                                                                    MD5:589A7B5D9DD5F8BFBE9C6EAA8BAD5608
                                                                                                                                                                    SHA1:56AB145A6717D827B0AB568B5F7770848A9ACE7A
                                                                                                                                                                    SHA-256:FED6586FA9F174BF5A488B511002608CA266BF3335AF4F11E04A5FD620A7A21B
                                                                                                                                                                    SHA-512:218EF51EEBF988198CB3ED236CFFEA8533853286888093B2424095657537C45D710D404CDB98E6389076FC71EA071A87EBB77762F973E7BCAA57789CBB1AF2C9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.07774828303831
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:YJsiTJdIK6rtsGyCEn6rdXA9WqV4cpVMToTrdvlxrIIodXABS2R19ZdJSO47S:KsIJ96rjEIXA9L4mMT6RHqYSS5JSO47
                                                                                                                                                                    MD5:E0D3BE5FFB51E4E3509AE8EDEA8C5AD0
                                                                                                                                                                    SHA1:6C5CAD2C51E533299007AED32CD680CEEA27553A
                                                                                                                                                                    SHA-256:FB3CD01E958E5BD3D36EA45A1D4B857CEE0C70E9F60B09DC2ED987C47E5FE45E
                                                                                                                                                                    SHA-512:3EAB231E8148B6E54638C316EAD3C6B8ECDC52AF20A50AC74A384B17A21680F8E03359E25CBDB113A3D63F2850E5A8CC56BA8599776AA4B3A05CC67597D800A7
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.033151640858347
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:YZsTRVx+NxmKtwHZxUEXgZTIXHI9hMJTo3rdProXeIcdXM5lRRTN+hkLCEKSlrc6:KscmKqHYEXg6Xo9hgTeRjoXM0
                                                                                                                                                                    MD5:642F63C5C90955CD89F9D84BC21DC1E0
                                                                                                                                                                    SHA1:0B70589867E4781A1A9F32095D4F330A1AA7EB61
                                                                                                                                                                    SHA-256:E850FB6E8FBBA60104FA683F66ABCC8E0E7E9549E3EEC508079A745EA1EF3CAD
                                                                                                                                                                    SHA-512:8DB5E7F69544E824081095B760B0A28C8A674E0D96FA6655A7BF3B153987FF6EF3DBABC73BFD9E8C814BCC8B9837C316D45E366184D7091D77C7DED3E8BC2F42
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.0925928001243905
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:YBsL36gej47UqtA4QWE86Xkz922YHToTJrdQr6IWdXWDn+nWR7sb4j+nuKly:6sxej4wqqmEzXc956TyJRISWXP
                                                                                                                                                                    MD5:6DEC6CDF6342EB7FA017C99A1EBD92A9
                                                                                                                                                                    SHA1:8379E8EE9EFCA84CB4C2A8D80C79083EF79A0860
                                                                                                                                                                    SHA-256:ADDAEE1C527AE9C5D4877D2E7B76AC042432699D50B40A0447B47DBDA4FC173E
                                                                                                                                                                    SHA-512:550C697DD90199CA45D55168B7B4DC7B7EC9FEAC4D5320BD58EED39F18E07525BB4838275281FBF8953E1342FC0CFC5124B5574836716BE27BA57FD41725C46A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.088641297176611
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:ysyfc3+8LqEfVXY91CToRfsM4VMV/4VMyV:ysScBbtXY91C0Rfs
                                                                                                                                                                    MD5:0BCD6EA5F2420EAC7BFA5CC90C57502D
                                                                                                                                                                    SHA1:A4663C9E5010E3D2FC3FCB86DBEED4DC3EAC75B6
                                                                                                                                                                    SHA-256:A99B44A3F6A4B034EB31EB1F1C5112D01368F04A7716F5C4AC144A400FD971E8
                                                                                                                                                                    SHA-512:F56C0D6DE8AE0A8128D92DFC637252AAE87486AF34BA1E0303CE0A6ADA04DF7936BAD2196922C9020C3514ECF93D0CA414ED5ADB67DBCFD4DB7D7EE9E15B8183
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.098295649149276
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:esiFQREP5JEFEX09VENy0T/GReGkUzdozazYvQ:esieREx2SX09VEE0DGReGkUzdYaz8Q
                                                                                                                                                                    MD5:C4E7C0472D17D08C492BD7BDE524A073
                                                                                                                                                                    SHA1:56E50F9EB4D5AEC47CA59369E7234F02B1B16C04
                                                                                                                                                                    SHA-256:C3A9F273962F1CE470C7F13622FDE14E629296355268479F7108444A3B5D761E
                                                                                                                                                                    SHA-512:CE4408E0DBF063AD33712F6F2DC97985F95B833A9C8CCD39511D60FDBBE42E5DAE85598F16F06FD760DCB3747EF34DD6A6D30FB7D0B17184CD768D84A9D4BEC5
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.078898610711362
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:lsWr1ErtRDt8Et9Xc9+STo1rdfokrBIGdXyqkslZv+/ka:lsUEr/p8EXXc9+STMRfHjnG/k
                                                                                                                                                                    MD5:71539A30B51FEFD858BBF9B9FF85BED3
                                                                                                                                                                    SHA1:E38DB2A7795D5E8057AF173A293DBAC2747FB649
                                                                                                                                                                    SHA-256:C390942C468EF0C91EFFB3FE6899ED658C5A2BBFE0193F30A08FF5BBF09024EA
                                                                                                                                                                    SHA-512:6743514A13A9F1C1896259CA428541DA53F0232B2EFC4634FFB6A9BC941356E67B5F46A25FA004A6929BAAFD65FF7A81D297632C0920869978011EBE8C33D522
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.081781970362134
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:J8osWk12ifSapgEVXM9lIbThxRpW/2uuI:J8osWkIifSM9VXM9lIbVxRpTk
                                                                                                                                                                    MD5:23782192B25E989FBE8DC23E93D20E59
                                                                                                                                                                    SHA1:A698E2CAD3C39F2C3356238A9393698F5625F7F7
                                                                                                                                                                    SHA-256:CEEFDA7A1167D9229F1F20E1CC3D1F80E79A595B218EAA38172DED387EA02C07
                                                                                                                                                                    SHA-512:9A5DD9BDE0E9920C2E54F5030F40EE902AE0F1B1AA938B2E0F84BEE9F9D9DFDF65AF02A5ABC374E0D02611F0F75A377FCBEEA5869CF2C159451A64F9626F0C45
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.077880375969858
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:xsb5wl3G26mtsl4CytIEdjXw92vNoTofrddr3I0dXEzDOknv/8a:xseU26m6l4CQIEBXw92FoT2RRvIOK/8
                                                                                                                                                                    MD5:F22F456C5FE83E96327B9F752DCFDB2A
                                                                                                                                                                    SHA1:367596CB773F5E3D7D1DD3AEAF7B6602A5A52001
                                                                                                                                                                    SHA-256:2F88CBA27DC4580105864954F86007A1742DA67A454D30825195348539BBC2B1
                                                                                                                                                                    SHA-512:5C5B681125AB743DA798C9D43ADBF8CDF01D32DFC9DF5EE831CC50C1711235D697E9016EBBEA70BE229085BAA772BCE135A490A2A3D0AC20786A68FE9CB33447
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.154221193204216
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:as23kRRxiR+0tphIEtgX89x7HToSrdjrGIDdXdDeO9ig:as3sR+0bCEaX895HT/RvbB
                                                                                                                                                                    MD5:004AD45C18C28CED53D47C7BF369B6BE
                                                                                                                                                                    SHA1:D479594E0EDE5FFBF7F5245B9EF4EDFD48FAFF8E
                                                                                                                                                                    SHA-256:17C7478A43B9C900887D596835FDD5028C2304E2ED7FF758F851DAACD3F640FB
                                                                                                                                                                    SHA-512:173BB3563588E7889D7B86060166D06674B9EF2F9687DF8E3502F63D6A5EEB8E6CB26E76D41A332F960C6B86337AB77DC055B2193EBC208C8278C3CE02D0E04C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.1625276006763094
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:p0slty+HgbQBM7butiAtcEPlOMcX//c9TrToJrdQrShIVdXDI8/HCFtGwFS/Big:Ws8m6buUScEPvcXXc93TYRI7q1i
                                                                                                                                                                    MD5:3839F7E39E2DCBA23459AB99EF324F84
                                                                                                                                                                    SHA1:22AC6A68DFF1FDF0A400483CCC0E58B094116EC5
                                                                                                                                                                    SHA-256:EFECBAC55A109E12194C6831DAD2D80AEBF80FBBA1C93070AC53DF8FC1E7C971
                                                                                                                                                                    SHA-512:54A71A94D1F1BF3B6BB4A189AD47A1804AE9FC3C32B9F765236213C18150607A366FF9FF95D7EB04BF58C1B356ED8FFE2E28126330B2D7CD71976C3F6C563F1F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.158629761593572
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:PVsXab1u739EBA7rWXpW9+T2RKu7b0Wc+v:PVsUuWArWXpW9+CRKu
                                                                                                                                                                    MD5:EE50ADCE28A19DA806EA8AD22F99AC5C
                                                                                                                                                                    SHA1:363E68154087F916B11D6F687DCB75D40BE27611
                                                                                                                                                                    SHA-256:15CD39491D4B98F713DDCF2E34F25CDAEB0C259D4FE7E750FC073E1E391E49B7
                                                                                                                                                                    SHA-512:52D1EF478CDCB8A90884FCB2240E7B1E9C9C0431ED4F732C0ABE7B49A6EC21635CEB8390C7769ED41E16A29B5B333A064DA8EB81B98C9FDEFDED0912E7556544
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.1568626297842135
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:xxZs+oQwEeXzGtk+E7CWHXU9c+LToErdSrOIxTdXr0hzUJ0mh4dUo:xxZs5XzGBE7tXU9cUTlRKxTC
                                                                                                                                                                    MD5:413050419719E8D4FE57256B5DFFA8C7
                                                                                                                                                                    SHA1:8066AF7440FA9F41F4365282D090D84AB786360F
                                                                                                                                                                    SHA-256:8D34934D0566F38311E0D5A423E864B567D77AB08AA8673E19FEA2E4A44AE64A
                                                                                                                                                                    SHA-512:190150221F3350241F579848F4F9BEBB3675D519CC7F43A62934E466C2C6ED5532D58BEFA7A7E8D65E4381A138194A0ED9E537672A8865D85886DD9B77DBAEEE
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.14298507374875
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:pQhl0s15IpZGtlvFgtoaEEC/7xXex97fNToCrdSryeITdX9kLaYp:e0sTvhFgpEECxXex9pT7RKME
                                                                                                                                                                    MD5:E04E7F242DF01B3F0AAABEDDF483287B
                                                                                                                                                                    SHA1:178AF39CD348D81174B7F0567F3C71D2FC7CE909
                                                                                                                                                                    SHA-256:3B263D1A562539C57F8B23DF801C721B90A2021552B6DFDF9145E2C742E3F1D3
                                                                                                                                                                    SHA-512:7BBEC2FB928FE3ED0D6F2315BC37CCE4DA868EA7BD8FB03D2BA4075DC24DF541A8BA8E472A8E1875612D05335CC0D61CE44E58B2C867F66DEDAFFA2C55D7AE3A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.13037128255259
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:K1712sbWUQMpEt4+E2CHcXs9koFTo+rdSrCIrdXo0qouN:K1712sAMpEVE25Xs9JTbRKXw
                                                                                                                                                                    MD5:A7C876718990D6BB39F1C30A13BF688E
                                                                                                                                                                    SHA1:3875FD3BE65D0011AD6894C03C2735A9501093E8
                                                                                                                                                                    SHA-256:8DBFFF09BBE8850CFCC66E7DBC968BC3CE7AD7E3A91B22DC7DB3018D948248C7
                                                                                                                                                                    SHA-512:485430C223A1FD46C82D0D3A7B5B72381A9E73C294BB0A7B2E0A39E33277816691F367269733D1A307C18179AB98BD2E336DA8C75E58A02815E0F173F10F58F2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.133361693778262
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:fxsNrsTKVtpzB7nftAyBm+EG9CCZXX6t79PfToIrdSrtIRdXnYOgVVguOVoKlpOX:fxsHpJnfqEEiHX6t79nTZRKwK
                                                                                                                                                                    MD5:CBEF644E74D1F1CCF1C3ACF9BA26A770
                                                                                                                                                                    SHA1:21212E9813E71EB56CF9E0D070DADAE0D795B0A4
                                                                                                                                                                    SHA-256:24AD29A83E1E475271E6D49279E42032CA4DCB7785D369404643D7A03EDDE1D7
                                                                                                                                                                    SHA-512:683FAE0D7A21532F0D4FA0EB3A44F5009658BBCC30F1DA65552364AD978EE05069CD4C8D32375C5D1EF0ACC6BD45EEA5126C47DCC52CAFC49917C66684C01042
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.111683042798435
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:tsMccXE2gK2cW5tE7GEnpDCZPeXw9THvUToprdSrp/ImdX6wW0V6rltWNdLj:tsMOhrcW5xE1VXw9THMTwRKpRF
                                                                                                                                                                    MD5:7C28E9FFBEC9F0F03D2E9221484F935E
                                                                                                                                                                    SHA1:B1EC923DF3F8DDE164118469E5447C3D516CFE5D
                                                                                                                                                                    SHA-256:FC7FFA18D3A03FFF4C8D568FFAB56F2675D145FB710BD6CCFD5CBA62E5BA218E
                                                                                                                                                                    SHA-512:057613592B58735851F41F715107B3ACB2C2C2537D2DE925357B7678CD74D6128C31E55664C8A33B610C82FBE78BA1EA28142BE67F5F1ACDA9FBD5406A2D0DA8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.12944607347251
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:Nso0kRmgzEmXXs9gTTURKzn02ZCwCZPQc:Nso0kjgIXs9gT4RKzn0
                                                                                                                                                                    MD5:D380105BD8BD0CFCB1B3C89C339652FB
                                                                                                                                                                    SHA1:A5E73A36FA78154FA72E8A6B29EF8987ADDD15DA
                                                                                                                                                                    SHA-256:FC87793A9771C5491F7A1454464A3AE8CDA60129ED95CF661BD75C2E6B1DA438
                                                                                                                                                                    SHA-512:7FB576449C5DE33885068A76BFDF100950525F4DB9AA3A58C9DFDCFA0E0C3A6BF808464E2217DCEFA504DCB24CD54338F0A5F789D0E21315CB6BBFCA9537E050
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.089510148748566
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:KksIeehcVy8ElCPX492TLRKLhKLP3KomB:LsuhcsOX492HRKL
                                                                                                                                                                    MD5:5B15E053570C0B0B889C55E4AEC429A9
                                                                                                                                                                    SHA1:34AFB6381C21642020AC508CB1C39F0B51729BF3
                                                                                                                                                                    SHA-256:46DC27BE7C741FCCFB385FFCD531E69535A593DC28782BC5CF18786948DDEA1C
                                                                                                                                                                    SHA-512:4DDCD9F275F9B77502FA17B21DE0F9830C6C4F9092A0FA8033C21826A1069A255222BD1337721895483818AAF8900E805471E6F1F23A396D6E0B90D8C13B2368
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.143691754198923
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Kks3/YW7H/xqGzFtOMSbtFQ0E6tiC+GLXw9KYToVrdSr97hIbzF0dX+F0Qq7wpvm:KkspqkFtobFE6c7EXw9bTURK90F0Ph
                                                                                                                                                                    MD5:386C8D165738556860B95BC074819473
                                                                                                                                                                    SHA1:684B4F0B024CB3B98EEB18F7A8AED1281ACF7942
                                                                                                                                                                    SHA-256:645135734E81D02A1B7CAD5D89B71A187A27D3B31CFC20B9798FCF2D48F82781
                                                                                                                                                                    SHA-512:61838BFFDDE9AEA4437FF42166988025B05AFD42C0DE1245F3E014CD124E04F461E20BF37D972D4048C70A9EB5D4DC3CB68FED55252E61ED676DEA597914FB8F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.105891197732592
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:QPqes/LKmbDVJstz15V/kEIWCCYaX8B9kSoLTocrdSr4hIRdXPZhPRnZh:QPTsOIDVJsX78EPBX8B9k3TdRKNLJhZ
                                                                                                                                                                    MD5:A10BE82775DA68821422579387349E70
                                                                                                                                                                    SHA1:53E169DCFB2B7D27AE35D9E36BACE622BD0AC7FA
                                                                                                                                                                    SHA-256:E9F500154499FF499114B4A3813FEDA9AA5CB6516ABD0ECE7A08A916D7089F7C
                                                                                                                                                                    SHA-512:E0E60E95560B7EB495F342747B5680E8694335C1D579E659C5668BE92F9A529746C17CA5B3E639E42298723A5596928114E093CA2A266A6690BE0E2A582D9554
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.129931906486086
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:VsfojWv5nL6TJtYzWEVC/pXo9byToLrdSreIgdX0Cbi99hsR:Vslh6TJ5EVEXo9WT+RKQbe/s
                                                                                                                                                                    MD5:77AEB0E2FD031370A29275D015B765F9
                                                                                                                                                                    SHA1:DC3569A825E207026F0187205CC5A8A3FB43D908
                                                                                                                                                                    SHA-256:F88BDF6EC3D982A00934711F9F2B5693B36929C7E1E417165DA0C1FBCDF1F7E8
                                                                                                                                                                    SHA-512:3F5DC6FD9E1D01BF0CFE86DC60DEF7996D6B1BDA01D365C692F5DC553DF61B1649D9B5EFD7CDCD14DF17D04BF22CD6467D49C31A2AC3EE821756740571442088
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.100118531799817
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:FsKRVQPdU5JEsWMWXg9S5TwRKr63VGxOoZ:FsHUk8WXg9S5kRKr
                                                                                                                                                                    MD5:58C74394126EAE79E2BF5E0A77A318BB
                                                                                                                                                                    SHA1:D51B18B7B83894A5E91477973C973FC0484C9541
                                                                                                                                                                    SHA-256:9381AAB082142422F3771E20155956322BA0B2218041D6F301005CA5405BFB0D
                                                                                                                                                                    SHA-512:5A27D43F567D5F0516239625E2C8C0521A7BB133E8DBC722566E89664E6F1A58352B2F8613524B068A38A5230E718EF69392CE00C286D9EBBDC4CF59A3E5104B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.124716052601823
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:5sTzRK0EAt8uER35uCAZ0Xo9fjToErdSraIgQdXrbKdRsa5:5s00EAhER3cKXo9LTFRK0Qd2ka
                                                                                                                                                                    MD5:9D62BCE7E6D0F81A427627543B0B60ED
                                                                                                                                                                    SHA1:04526172B0EC27E5AD713E78A9F0D586710612FD
                                                                                                                                                                    SHA-256:5259E4EA0440F48C900CA620053AB5107990CE51A92686A2CEB1CE79A14C24AF
                                                                                                                                                                    SHA-512:AAF7CD1851531EEB2DCD4E9C9D6C69D43158DE4BE8446B51E19EA98F71884E1243DABD94320A4E0A2DECE464E092C4FE56CA305A032EBA2F9D2EA5B46424CA69
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.143974573903606
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:SasPqPM900tI7SENAIWCp2h9XE9sOUehTo6rdSrscI/dXRuOWHASWrOvpd5:lsb9VtENA1s2DXE9sO7THRKsNMT
                                                                                                                                                                    MD5:269424FF26A8863F6F7E7A57EED56A0C
                                                                                                                                                                    SHA1:AB9D63D1F0B46DA188D1F421F5407AF3C2B55A5E
                                                                                                                                                                    SHA-256:B3AFF02E4987DC49D9AC29DDF4C361BF08C4B8D2A6174A798214E97352CAD8F2
                                                                                                                                                                    SHA-512:122B2B14443094408BE892CB4DA2B1B1432E45608115CCCA865DEFC783D7912A94DFCD3957A8F1AC7D7E34BC487082478815BEAFCD6E90DBFB7FD9261888C5EF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.145786952487935
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:K8s5VaeRhEyruXI9RyTtRK05Y2KNYAM3z:TsDr0ySXI9cxRK0
                                                                                                                                                                    MD5:42087C6962E5BD9C6DDEFF81943E2E04
                                                                                                                                                                    SHA1:0F4C43F59EB7D90E30F17EBAFD6E2B26F5AE0982
                                                                                                                                                                    SHA-256:30F4FEA097C7CE30A7E17ACC198D5CBFD17F27DAFC02633C306DB805A887EA54
                                                                                                                                                                    SHA-512:B24BCDB9C8EB0550A04599977C9767A78144B037677BC5DA9EA0C7F0B5841F03C0EAE5F95E728695CC4A0421CCB45A51AE27A917AE336725746BF1D968EDE690
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.13129543600894
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:mKXs9QHW7HQtR+K4EJlCDoXHzS9HF+J5VToYrdSrpIFdXbsmkbgtf:mKXsmSHQ+vEXJXu9leVTdRK8eVgt
                                                                                                                                                                    MD5:CF6A9F49A2F82EAD11D46ED017C4A4D8
                                                                                                                                                                    SHA1:506A369ED9B1CFD5B1ED16675F4FE3DDE0F5F1FF
                                                                                                                                                                    SHA-256:08A1EEB60A7E20EAA4F445DA7264EC1193EC7AF483C72430F0AC988B58EA3AB8
                                                                                                                                                                    SHA-512:5C8986D951C0943B9926F7F1D760468EC2278D4DB79AF1406539961C4DD48657C04502AD906C3C4D06F437B484AD7E076945D4A4C4EE2A9EF96541F91C5143DF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):3.7065610193044685
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:0bBf47J9jr2LC7wJEqISpep5EG4IUzE5koc4IzQXLJEH4I82aYW:0bBqXjr2Sw2qIcesO7dUzQL2XuYW
                                                                                                                                                                    MD5:73455C4DC19188D14564C02A65CAA1BB
                                                                                                                                                                    SHA1:8D5F335580DAA0432E5E394085F9ACD379DFC39F
                                                                                                                                                                    SHA-256:D6C32DC436435443AED7819BC91A6C52402F9F95327ED9388E50653FF20108BA
                                                                                                                                                                    SHA-512:D6C6241FA2F68168AFD183590F3A3125B7CC7618A5368874302FBB024CB319942DB5CDAE8D249932F505834480AA26FEA8F54811C799AF674B655CCF238914A8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                    Entropy (8bit):4.576540836916994
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:+lAR8XTT7m0gKTm6ibuoAFRtHPHB6uNa7eV4iA8kGkI/GN+HeInNch1b+2:+lA6XTTi0gKTm6Au7FR1PHI8aSV4iA8i
                                                                                                                                                                    MD5:ECCC218249FA84840BD38E28F6F71660
                                                                                                                                                                    SHA1:1AEE0396C9D6B13E38F2CFBAA181CDA6037031D6
                                                                                                                                                                    SHA-256:65E4D74FD2615DD499BEDE663C9B26ADB00D592AFF890E999FA84A4079B6AB90
                                                                                                                                                                    SHA-512:F10006A7642E7CB0571F24CBAFF085EC5DBF37D492775C01BBCB3FEEBBC112BD09F6C616ACC5AB42554C9F4B2C99F3C97541F319A0DF0811B1042B0CFE517563
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):22203
                                                                                                                                                                    Entropy (8bit):6.977175130747846
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                    MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                    SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                    SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                    SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):3.958850587377326
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:aopDsvAyLEByoXBZdDLoR/JDdyeySeOudWE8N9DkHGJk+yXxe:aopDsIyLE8oXBbDsR/JDl2p8N9gHGmz
                                                                                                                                                                    MD5:7ACB3BE45E14AF6883D8AAEC527E7E0A
                                                                                                                                                                    SHA1:F89E6D62DFBEBA5BF6B302346DC506511966218D
                                                                                                                                                                    SHA-256:12094E4A61BB5B124F94EFEA4303CFCDC4287E7ED1FDC51DD368E85DEAF6B1C5
                                                                                                                                                                    SHA-512:F65A06F1A22E9CD91A5594BA6C55DE9AEBFD69F14544CEB6D7D444CA9DB0EE3CA69611C17AA843FE01FA23B6FFFA4623711A4C44E54E8A247C11BB2500FDA031
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):52945
                                                                                                                                                                    Entropy (8bit):7.6490972666456765
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                    MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                    SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                    SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                    SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):3.531895520288043
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:qsHqVL1xBinHD1kX8REYuHRRtV7fTu0Lxtcx1sVZbI29c1H4Mt6J:nYcnHD1GUEPHRRtVXgx1AZbImc1H1w
                                                                                                                                                                    MD5:44D88CDE1973C75E93AB2DD28123C9DD
                                                                                                                                                                    SHA1:55DBFF8E830BDD787D3AA1C670C28436A48A60FF
                                                                                                                                                                    SHA-256:7508838DC3F7C65F98175B4683C50E016FD1649C8DFC47ADE84DF6E44A42F026
                                                                                                                                                                    SHA-512:4EDDEE162E437F50A73F5BA09DAF007EC8BA88A7BB032C855543C6397D781882260B39778800CB2008BC84CB4C53FD159EA2C111016EAE359300FBCFB10BC462
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):25622
                                                                                                                                                                    Entropy (8bit):7.058784902089801
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                    MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                    SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                    SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                    SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                    Entropy (8bit):3.202755048126972
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:5NS8H9JU32V2BFDZ02KZeOH2QdD29LykvZaiRS22Yl8Z3ZvLuy812JZHiNCSH:5NS8H9JU32V2BFDZ02KZB2QdD29LbvZT
                                                                                                                                                                    MD5:B847A75C8308056DAD2ADE6142235979
                                                                                                                                                                    SHA1:9E62C2273E6FBB0C2AA4CD5F1A08FD587C477FA0
                                                                                                                                                                    SHA-256:4080B172EA86461A7B5852AF4391DA7EF73BFD03DCA93D2EDE59930160F2C7F1
                                                                                                                                                                    SHA-512:76D8C87B26E9F3B315695D4E2EF74B8A47CDC8B0B75717C0F9148B15EA8A6729B941373E7D6A420716D3799ACBB0365EE6BDAB925960F302890C8A76A77BBE7E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):15740
                                                                                                                                                                    Entropy (8bit):6.0674556182683945
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                    MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                    SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                    SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                    SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):3.7883717773264047
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:dshHLabw0rqSgF8tuXsdgQwRtxmyqCX0ivE3ugW4XK999trX+MXb1+jCMQpbdh2e:ihHOM0rq3TsmQwRtEy50oruXK9/1+Eia
                                                                                                                                                                    MD5:54F222239E186A4042E0C1A49A06369F
                                                                                                                                                                    SHA1:4C71020FA19762989B48B71F3E76E900C667B3B1
                                                                                                                                                                    SHA-256:A301B24F836CE8EE46EF9FBB5AD4940CB095CF221B598E44244A2125FE97C4D1
                                                                                                                                                                    SHA-512:6BEEBF660815606DEF2D5A8E9351D5C37AA618B4F89BCE26FCAE1970AE46666C13F0D57056B04F0F0F3FE3B87EAF067BA25687BFCC80E0E120174D5E5B1035E2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):55804
                                                                                                                                                                    Entropy (8bit):7.433623355028275
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                    MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                    SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                    SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                    SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):4.701073859086095
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:KsO5uZJqf45BfEQ4wqoSQAi7PWtH2vb/6XLgmzzYRtxcLf97FSKfc9Wbi:HO4Jqf4TfMwqoSZiTU2vLU9kRtuLV7F+
                                                                                                                                                                    MD5:CA2AF6F3F63E45A4C59C294DF8A84747
                                                                                                                                                                    SHA1:D0D185930899542582EAB7D31788A6587511FE9C
                                                                                                                                                                    SHA-256:7159273A5AB77DEB7BA0ADAE7797982ACFCC702D21256C5F295CC5ADB52B02CB
                                                                                                                                                                    SHA-512:DA30E944BF55E20FB5EC76C016E705594269E3960A0ACEF65E89789D72A91A3D4405185C19D92A52B5F8EF06ADE948B547DB6D0225C3C9CC734DD0A6C5C8B8F8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):41893
                                                                                                                                                                    Entropy (8bit):7.52654558351485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                    MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                    SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                    SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                    SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):4.57846078803772
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:PsjjOtAXpF9eA/OKBP3dU1NSW6BT/uJ2HqyULXSV6/IP6Rt5DdtFP5K1skkL9Ifz:EWAXpHz/O2FU1Ill/uJWq5jzDRtTtFPg
                                                                                                                                                                    MD5:7AAC3526F266BA78909E0E67BCF8D4F8
                                                                                                                                                                    SHA1:392DAAC752C62644CEDE3CE768E65BD0A286C85C
                                                                                                                                                                    SHA-256:932BEF80D25DDC3429EF4762E60D284E5838CD2E0C0B8BCF62AD377AA8C404C8
                                                                                                                                                                    SHA-512:E9827D979FE2DDFA4B59AB8DDEDEBA7B9603936A20251FA79F3A4190B7A2CE5DB3F4A758ED567F2638F95D5BC23DC92E9304F90944EA6C2181865F80774C1B92
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):14177
                                                                                                                                                                    Entropy (8bit):5.705782002886174
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                    MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                    SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                    SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                    SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):49152
                                                                                                                                                                    Entropy (8bit):4.627609622733788
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:0QRVIpkBg3sXNKuVUGVk5o/xfJmzLThsB0vP6um8pKIab/1tQ787HCvXMRd6Qzsi:0QNm8NS5F7h3jHCi/idG9YOB36eheV
                                                                                                                                                                    MD5:C6D41FCF82EC9BB15A32E65E6A7B4A15
                                                                                                                                                                    SHA1:580E8279068CC5B084C8B8479B1D72492A4C0FC3
                                                                                                                                                                    SHA-256:CBA64B77D2D375648DD5CD418CA3566A2FBE0135653571E6843154AFB33046D0
                                                                                                                                                                    SHA-512:230859357CD1EE072E19C9E1E90E663AFAA3DF4CBDD043250947E730D03E040836B5B6928EC036A6DFD7C6DA04124EFF80A54B6F525BEACBEA390C1E9A77F6ED
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.344377729821398
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:gxsGkDkFkezqOE88X5F9FRGRA9UBhkFkVykYkKky:AsHoSezW88X5F9DGRA9U4SVrxj
                                                                                                                                                                    MD5:DB0DF982682B97EAD4344A71294E68FB
                                                                                                                                                                    SHA1:5BD5D1F04413D77A6351DD56230242E64F1BFE6D
                                                                                                                                                                    SHA-256:1EF6EA91EEC5D097735144AFECFC8F970B396AB06055797F007E8C4453FF4F2E
                                                                                                                                                                    SHA-512:0AC44591828FD2688291278FB790CEEA0EF3477ECF763A5AAC1C5D6F25D6D420F2FC9B46370F82F2A7FE7618E844CF23F40D92D22F0DEC7966E01F26FE543D20
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12654
                                                                                                                                                                    Entropy (8bit):7.745439197485533
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                                                                                                                                    MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                                                                                                                                    SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                                                                                                                                    SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                                                                                                                                    SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.327534495791936
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:YsQL94sKattdmOEp83X68U9zd5csSrdhSrH38xoktXqQ9XHV:YsVs3vEpuX6Z9zd54RA4vP
                                                                                                                                                                    MD5:435AE9F3CC8B1A1FA9752AC458667D87
                                                                                                                                                                    SHA1:FBBA6C3724893CD88A9FE853D1E30443A015E424
                                                                                                                                                                    SHA-256:B100DFD25DC433D4A5562D00B80B9AFBD6296C3DB1784DFD79C38764DCBEBC42
                                                                                                                                                                    SHA-512:851D7DC45BB181879CF4D71DC7A14F45106C0592E603E0D5D777154D59875C12B7BB475EB5711CDACAB57C6AD0EA6A09382B13E6CB7817B73DFD77D51618BC2F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2695
                                                                                                                                                                    Entropy (8bit):7.434963358385164
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                                                                                                                                    MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                                                                                                                                    SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                                                                                                                                    SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                                                                                                                                    SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.359088401983543
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:gsbvzsCcY7E/7+XcxB9lhURARfzsvE3xB:gsbvzsCcH/7+XAB9lhURARfzsvE3x
                                                                                                                                                                    MD5:09E25CA8E1D0AE84E08AA5709BDF8C73
                                                                                                                                                                    SHA1:9E4C04A0568FB22DB001A786281F6B6251F6E933
                                                                                                                                                                    SHA-256:175E2932B5807221730A6C986089AE2020BFBAD4D86B783C29A1462B93266DFD
                                                                                                                                                                    SHA-512:AC100D4E56DC06F89572A1B349FA8A6364A44C4AAEA7DAE90F0014FC940E2DB514E812AE69E6ECC54ABB77641DBD57EACE16D84982FFEE5E98B18802248A159B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):11040
                                                                                                                                                                    Entropy (8bit):7.929583162638891
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                                                                                                                                    MD5:02775A1E41CF53AC771D820003903913
                                                                                                                                                                    SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                                                                                                                                    SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                                                                                                                                    SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.486216847635323
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:GsBR+BuCV7a5tNxtUEP3F7fXO9ryuAccwrdHrFd9CxtX9DvYT8Jn:GsWZhaRxWEP3FLXO9ryuAeRLVCxvC8
                                                                                                                                                                    MD5:AE7666FE283C239A4A5C2E3A570522E1
                                                                                                                                                                    SHA1:9712599CDD9D064D921E4EC09CF9338FB7707B22
                                                                                                                                                                    SHA-256:3EC673D0C5C8F9294199FCB464CE6FBF0EBAE8274342524F0B21A9E02191B66F
                                                                                                                                                                    SHA-512:74C93E3B894BAEF3E707B5A1DB9184C69C2D2F52B64ABABE268D1FCC95ABA6E861F84337691D56016E8FB3C82E5B81DF61E3C5EB220A319ED21A388A0E65E7BF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2268
                                                                                                                                                                    Entropy (8bit):7.384274251000273
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                                                                                                                                    MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                                                                                                                                    SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                                                                                                                                    SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                                                                                                                                    SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):784
                                                                                                                                                                    Entropy (8bit):6.962539208465222
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                                                                                                                                    MD5:14105A831FE32590E52C2E2E41879624
                                                                                                                                                                    SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                                                                                                                                    SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                                                                                                                                    SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):2.741499649342137
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:1s1ymg+9VkBuspWEVPXP9oWhRQ5mIlje:1s1W+kNdVPXP9oWhRCVj
                                                                                                                                                                    MD5:3B3F27B1EDFC578B753658350B14841F
                                                                                                                                                                    SHA1:8D93306C580548598F32F8B282D279D64FCBD3C7
                                                                                                                                                                    SHA-256:B8A30A77F07D5AFDFB53BC93B60FAD7DEE3FE3C1FF39A2F04DBD0AA2247DC025
                                                                                                                                                                    SHA-512:044718C00662C8D8B35821A1520DDDD79B9EE91AFA36D65F6AF207AB96389E97D6C739E3927EBE44CF7A84FD67E0C4A69B6CA7E0EE952E8DE838498CB4B9811A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3009
                                                                                                                                                                    Entropy (8bit):7.493528353751471
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                                                                                                                                    MD5:D9BD80D40B458EDB2A318F639561579A
                                                                                                                                                                    SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                                                                                                                                    SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                                                                                                                                    SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2266
                                                                                                                                                                    Entropy (8bit):5.563021222358941
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                                                                                                                                    MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                                                                                                                                    SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                                                                                                                                    SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                                                                                                                                    SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.357516738627187
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Yu2sVBPX1nKmKtKLEgdMWXT1zW9eDoRrdQqrCBFvBXxNpgA5:YJsrlKmKqEnWXxW9eDARQygV
                                                                                                                                                                    MD5:90093FC670A8D636F47DCBD118007853
                                                                                                                                                                    SHA1:2F7C4D8CD265F93C2243C1046C934BF850E057D2
                                                                                                                                                                    SHA-256:43162BA687C89FAB55D39E2D664F775E5403FD3199F24053C9DFD1BFB43D5C15
                                                                                                                                                                    SHA-512:A101AC083CBF0B5288AA1B5CB053738756198436CD94D9319FADBEB7E8548C2F8F08C614B00B5EF1002B6B80C59EA280255538595D98A965B31D20E2B1A37A47
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):99293
                                                                                                                                                                    Entropy (8bit):7.9690121496708555
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                                                                                                                                    MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                                                                                                                                    SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                                                                                                                                    SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                                                                                                                                    SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.37368650950026
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Yu4dpXsXfakQx65g2stfilxEVpygkIX1vGkI9+/oprdQqr2rBXnIsH8oB:YJDXsi5k/sOEPTX09+/QRQyoGUh
                                                                                                                                                                    MD5:A157447A0014C935474E67F48D57692A
                                                                                                                                                                    SHA1:7F69DEE0240689B870554B1C0261B1B61EB6E687
                                                                                                                                                                    SHA-256:0A277DDC778401D5328240E6921135B42160E3C538B4031B4691B38708F06B90
                                                                                                                                                                    SHA-512:7C2CBB0FE6AAD282F51A3512D617E96FA1B3B4FBAFFED2B39146010ED073ADE57BDEAF4C72FCC6CD0BF05E94AE670A486DE2E8CCC6A6B5C1DC708748D3549A72
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2898
                                                                                                                                                                    Entropy (8bit):7.551512280854713
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                                                                                                                                    MD5:7C7D9922101488124D2E4666709198AC
                                                                                                                                                                    SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                                                                                                                                    SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                                                                                                                                    SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.336928442001352
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:PfysVvykaEShMXnrt9MmMRQyRz1HM6Lg:PfysNyITXx9/MRJRJz
                                                                                                                                                                    MD5:36414FF67392344CCC64517F21561ABB
                                                                                                                                                                    SHA1:C213ED14D5A5F7B489C789C55F7325C98BABEE61
                                                                                                                                                                    SHA-256:29353355DB9BBFC671C8D03CE543E2A841B666AB2F5A29F1D78F8FB373264CA8
                                                                                                                                                                    SHA-512:274EDB893EC4AE56B221EB8B8382838BD065713AF6A471D840E7DC9061B727A9B5751507A212E1B89485D1B21DB2F10858C2C99817BF5FB1128FDECFF89FAE15
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):29187
                                                                                                                                                                    Entropy (8bit):7.971308326749753
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                                                                                                                                    MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                                                                                                                                    SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                                                                                                                                    SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                                                                                                                                    SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.346631452860475
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:DL41ssbh9amy1+tWJEYYOt72NX1+92folrdQqrsVBXJU9zPf1:4s1h1+kEYY6mX1+9Q0RQyYWX
                                                                                                                                                                    MD5:9F4066587A70406EEA89328118A593AC
                                                                                                                                                                    SHA1:98B0D9C2C1E9B4C683A4EC2ACC014DBE6C19369A
                                                                                                                                                                    SHA-256:9DCC6FD99F39EE171343C8084EC9FA24521C7858C35EA650E273F225556C3278
                                                                                                                                                                    SHA-512:70256AF882EB818D4C750C858D45B8B2B901660209477B88401522DDE8C6F7D4133770ABE27631B0B1EFFE59E24FB8D272EAE18475C82847A055EC83AE195312
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4819
                                                                                                                                                                    Entropy (8bit):7.874649683222419
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                                                                                                                                    MD5:5D6C1F361BC04403555BE945E28E53FC
                                                                                                                                                                    SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                                                                                                                                    SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                                                                                                                                    SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.356843353576967
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:usTFbiDS88+mt7PEnV59vpXvLp9WdoFrdQqru3E5UBXT7kHa4V:usEDS88+mpEVzvpXvLp92kRQyz5UZm
                                                                                                                                                                    MD5:6EE6B610F0DA9CD2C56E3B1F03F49316
                                                                                                                                                                    SHA1:BEB150FFA8745022F64FA5F416559167304AD5D0
                                                                                                                                                                    SHA-256:6A0BE094E307B6A4AA3D382B5DFF8E886B610DD9331913764AB00CC998283B1F
                                                                                                                                                                    SHA-512:024888DA3ACEA458F40149F1AF4D1AA260C6767C0AFAFF26B5F067741145161F5F6D495C727B9179FED3397C70B58E3505FE828E7C3B0A98FF18C04DC637408B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1717
                                                                                                                                                                    Entropy (8bit):7.154087739587035
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                                                                                                                                    MD5:943371B39CA847674998535110462220
                                                                                                                                                                    SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                                                                                                                                    SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                                                                                                                                    SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.308549188122126
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:us1CsgopS9EKd5xXSI99IRQyjJi/xDV0:usosgTaK1XSI99IRJVi/xD
                                                                                                                                                                    MD5:248154952B54B65B7AA1E769A7F29FB6
                                                                                                                                                                    SHA1:301FFBA2E58239CFEBD509E55D7CD145A14D2C83
                                                                                                                                                                    SHA-256:65A98B4BB18D79A173A8004DADA1E2B91B34A4E046EFD8BE3C3BCAE0484F581D
                                                                                                                                                                    SHA-512:0E9E0E405A33B29A9C0BFEEDACBF4BD59300718BC94AD6E070BFF26A808D12A92856BD73675C20C637D1D403A487A256CDC9F6169F6AE8F381D08D349159D5A1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3555
                                                                                                                                                                    Entropy (8bit):7.686253071499049
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.317369559616249
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3428
                                                                                                                                                                    Entropy (8bit):7.766473352510893
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.34779154360075
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):65589
                                                                                                                                                                    Entropy (8bit):7.960181939300061
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.344804100228283
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1873
                                                                                                                                                                    Entropy (8bit):7.534961703340853
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.464433240703984
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):5465
                                                                                                                                                                    Entropy (8bit):7.79401348966645
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3361
                                                                                                                                                                    Entropy (8bit):7.619405839796034
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                                                                                                                                    MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                                                                                                                                    SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                                                                                                                                    SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                                                                                                                                    SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.338776747258325
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Ks1ciLYRgLdtK66Usm/ED5oCpXcw9uzoRrdQqrPCGh8+BXHhfW0tDlp:KsggLdQKE2WXJ9uzARQyPCG++vRDl
                                                                                                                                                                    MD5:272D5DCB4ECFC10F30B04BADEB573A3C
                                                                                                                                                                    SHA1:BB3E9F3503604959EA653A3B66E8A504A795AB8D
                                                                                                                                                                    SHA-256:493181A1473A0D9B013BFD1A6E0FADCC04CE2DC75C0A9F839378659660C0F430
                                                                                                                                                                    SHA-512:B5D96160482DE9A6793195217F198D63F54C9DFE78C9B15AA4BDC356C0AAB4F23326619219D3311F6F7316CA9124E7224A660F5F959CE32F44EC402D3E89E8D4
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):140755
                                                                                                                                                                    Entropy (8bit):7.9013245181576695
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                                                                                                                                    MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                                                                                                                                    SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                                                                                                                                    SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                                                                                                                                    SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.365943170174532
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Yumss1c5FikEInlN7t71ZOxEuVLmRXv89SuooysrdQqrzwJYkBXx9YZ+GG:YpsL4ClN7h1ZyEuVCXk9Suo8RQyfkf
                                                                                                                                                                    MD5:BDAC92271AB9301470C949BEB6B44EEB
                                                                                                                                                                    SHA1:A6C00F91C23E0EB92632B3D56723762488E3E9A1
                                                                                                                                                                    SHA-256:9C31BD8CAFC86DB3137F68BBCC85FE72914108E9C378FE69C56318E53D5F8079
                                                                                                                                                                    SHA-512:EB43918A8CD6286D465A5BA60BB224FFC7446B50E61CFFB2A78D44ACB6D940711679D4AD64C352F861FC0D5450668B21DF0CED64419D7FFF7C6B3273C85CC577
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):129887
                                                                                                                                                                    Entropy (8bit):7.8877849553452695
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                                                                                                                                    MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                                                                                                                                    SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                                                                                                                                    SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                                                                                                                                    SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.349998409272559
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:YuaVshdcig7EEbtgTXEr7LnXwF9o9pJoVrdQqrbieBXrlXGcp:Y3Vs7Dg7TbODEr7bXwF9epJkRQyeeOc
                                                                                                                                                                    MD5:268C4A7767ECAC0F6D56E08ACCFAA849
                                                                                                                                                                    SHA1:0FBE4D0DC21C0E552D339F086C3D655BFE218494
                                                                                                                                                                    SHA-256:F300B0795B5CE68CE9A487F10E18D12C3EB43D0D411935B60FA437F93D01E639
                                                                                                                                                                    SHA-512:CD26DA5CF7C77A7BF7599845D3A7942382576FAAE58DA7E5F460D7315CADDC6663EC162385469B3A51130DDB27D1C7590EDF9FA2EBDE9D3A195E1B26226F1371
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):84941
                                                                                                                                                                    Entropy (8bit):7.966881945560921
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                                                                                                                                    MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                                                                                                                                    SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                                                                                                                                    SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                                                                                                                                    SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.327824874825786
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Yu1cbcpesEvtFvgpt8r+fEe+hTXU9CUolrdQqrjxEccBXSZbVN:YQiXscgpnfEPxXU9CUkRQyFEly
                                                                                                                                                                    MD5:704ECCE9690E16FD190313A39A85E001
                                                                                                                                                                    SHA1:6D81AFB18EBACB30A09D751C88FD4B5A4B13893E
                                                                                                                                                                    SHA-256:C69718F039E10B3C2DA0450268F2A5D2BDF07DCFC81B7490989016C6A32B018D
                                                                                                                                                                    SHA-512:F80228840EB7642B8ECE3B054B18D953F6EB8A1EFA36C61D5BF68120130F0A34615C19F327BCE648C96D9C709C09FD366AD65753309FE9C4C4B3083E2BCCE05B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1569
                                                                                                                                                                    Entropy (8bit):7.583832946136897
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                                                                                                                                    MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                                                                                                                                    SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                                                                                                                                    SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                                                                                                                                    SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.329641296414055
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:4sbzwwRWcAykEplEXQ79qUoRQyMS4bTwHHNTq0bOxW:4sbMwMczplEXo9qUoRJMzwnNT
                                                                                                                                                                    MD5:B7670C1C431636CDF412211E3FE0F345
                                                                                                                                                                    SHA1:0B685C2F49039A9122E0D58B516F957FD1D9815D
                                                                                                                                                                    SHA-256:EC5A663FF13EAEB7A936492ACF8FDDAD7A881F7FBD7C1AF822899C518BC603F4
                                                                                                                                                                    SHA-512:C6D413AAE040B831258EC7C124776D4D80CB19C97973818F430A3ADDBEE29AFF03FC6762F7A2FBA575D93622F05A43523280F21B639E7591558D1F6008AFF0B6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):40035
                                                                                                                                                                    Entropy (8bit):7.360144465307449
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                                                                                                                                    MD5:B1DDD365D87605F96D72042CB56572F6
                                                                                                                                                                    SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                                                                                                                                    SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                                                                                                                                    SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.607142099692814
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:xsSp40S09EtL9R1E3/L23IXII9ozlotrdQqrL6BXdYDd5d:xsd+9Ep1E3/xX59ozlsRQymAj
                                                                                                                                                                    MD5:ADE97B0517A7BD0ADA4C9D792058DAD3
                                                                                                                                                                    SHA1:B33C7C186782F412813694A2E28E81ABB174CE29
                                                                                                                                                                    SHA-256:A349F5A667E5CD8F01CB925AD38111DD9F5DACF52510956E55AC749981F95A05
                                                                                                                                                                    SHA-512:E43F8610A021D95CFC3D9ED3C84AF16B06F80A2FA016DEDBD3F63FC3AE88CD2C095BB04E11ACED85BA84D92F69965C231A68103FA28A6930CAB9FE635003D037
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):242903
                                                                                                                                                                    Entropy (8bit):7.944495275553473
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                                                                                                                                    MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                                                                                                                                    SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                                                                                                                                    SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                                                                                                                                    SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.309143139623511
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:YuwoesVjKu6ie2cktby+EXMRLrXoB9OIoblrdQqrvV2BXO1Cux:Yj9sMuJpckh5EXMRHXoB9OIwRQygC
                                                                                                                                                                    MD5:ABD31199D3ADEC5974CE11F711357FA3
                                                                                                                                                                    SHA1:0823ADE8CF392182D255A7DF9A1AA2FA02597501
                                                                                                                                                                    SHA-256:9ADB16942EABE7A0E902454369E42C57E31B80F103370BEF749F1DE8AA160243
                                                                                                                                                                    SHA-512:C21C56B75491CC62E5E50A971FB895DAD0DC23A2D13E26186A0AF346835333983721E64DBC750C7BD166927B14AF4E8D9FDBD972F535F12973D48BDA83CDF8F5
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):70028
                                                                                                                                                                    Entropy (8bit):7.742089280742944
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                                                                                                                                    MD5:EC7811912ACA47F6AEB912469761D70D
                                                                                                                                                                    SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                                                                                                                                    SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                                                                                                                                    SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.352524411915079
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:2sJU0HxzKmwY8zdE5VpXr9C9wRQySz0Hx9sl9Vv:2stZKmlU6XpXr9C9wRJSgi
                                                                                                                                                                    MD5:42469BE86D3291DFF42C37C46049E28D
                                                                                                                                                                    SHA1:98848CE9A84A7EDD27BF918F8CA5D6DC38FB6B1A
                                                                                                                                                                    SHA-256:02BD8D1BDD9A491657CD715DF9FCDC3477EBE5116727D001DEF0497F54298A63
                                                                                                                                                                    SHA-512:175EDD25C1AEF2B2A6AEF21F45B6E69E86E3F4BDBBE73A6A6EACE60BC852D8DE61A6B4C4BCE24A6FA2C60243F118FCD5503D4AD9DA70B5B8ADAACA41D7F589A3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):24268
                                                                                                                                                                    Entropy (8bit):6.946124661664625
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                    MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                    SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                    SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                    SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.345719350019819
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:h4saadmAtdEv5dSMta+tZJQEr0AX+Q9eYoqKrdQqrDxzM1DBXWgcGd0dioPWIEC:h4sUv5dSMtjyEFX+Q9eYYRQygDl4H
                                                                                                                                                                    MD5:6128F29B46A1BDE4B52EC14F2E5C2C74
                                                                                                                                                                    SHA1:19EEB1000902D06B2B9D5F5EDB76CA2A72EDBAAC
                                                                                                                                                                    SHA-256:BB75404842E6A18F4B186569229CAE09E46B04DE2D83016EBF9EF3087E9E4CB6
                                                                                                                                                                    SHA-512:923BAD07709709FB246DA0428AA22A96E0280DFD4984290778B845D199A1F3379BADFFF2935C2B9C311C21D92E988A129A14A1DF2C4136C3D0F440ADA1BC185A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):47294
                                                                                                                                                                    Entropy (8bit):7.497888607667405
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                                                                                                                                    MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                                                                                                                                    SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                                                                                                                                    SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                                                                                                                                    SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.485483028944822
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Qsdk3ovnwmVHYtNcEwLkFLNXRFu9AtOorBrdQqrL4mMBXcGkFP1J:Qs3wC4MEw0XRFu9AtO2BRQyfMU
                                                                                                                                                                    MD5:462EEAEA5665884FEE6E6824F95B33A8
                                                                                                                                                                    SHA1:49A1CBC721AEE23AB7EF2762BDD9ED89EE8FD886
                                                                                                                                                                    SHA-256:DB5C8191C74E8768B0E569202AAB667422F116CBD14259356611CF02974798CA
                                                                                                                                                                    SHA-512:3B690CB557CF752EC79A0BFF6184306E912C1107B4E137FFBE3E033EA9A00092F56887045EC08808DBCA623B7C2BA7F339154ACC21B6483183C991C58756485C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):347
                                                                                                                                                                    Entropy (8bit):6.85024426015615
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                                                                                                                                    MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                                                                                                                                    SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                                                                                                                                    SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                                                                                                                                    SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.231197751935102
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:os1uiDUwfEVXU9Kip0RQy8lJCY8FCpRL:os1uiYwMVXU9KK0RJw
                                                                                                                                                                    MD5:F45D285BDDBE61F35F9D95E1D05E5B3D
                                                                                                                                                                    SHA1:A95D7859BF60EE94ECAEFA1D4954B6B2A015FB9B
                                                                                                                                                                    SHA-256:247BB5CD8C577253A1E18565BC11DB83AF5032FA1473709085124557C5DDCE81
                                                                                                                                                                    SHA-512:D4DB92928B4A9C85CC560C3E8FFC1DA701AAF7D4B9CB7C38E0ECAB6D9ACAEC07B6AB050B4E7B44C4697EAD8750D3C6352FDBDF121A5893D3903FE607F429D561
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):827
                                                                                                                                                                    Entropy (8bit):7.23139555596658
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                                                                                                                                    MD5:3E675D61F588462FB452342B14BCF9C0
                                                                                                                                                                    SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                                                                                                                                    SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                                                                                                                                    SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.320469541241834
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:2s7NDZGj0vgn/EXn4KXngK9GgwRQysIClDWpeEfU:2s7NDZc0YsXnXXnP9GgwRJbClDWpeEf
                                                                                                                                                                    MD5:FE5A1F8B2DD536B65626AC3C002E5A67
                                                                                                                                                                    SHA1:FE3A80EBEC35E1DAF0DE03C4C810D18F97AEDBC1
                                                                                                                                                                    SHA-256:AED3593A3635924E0E299CFDA790D33631549292AD9267E5DD11683700766C13
                                                                                                                                                                    SHA-512:14651F909B94D54C8CB1349155F2B2618BC143DF5135761ADA561941E5C22A009C9755977E9A6E9AAE0596692987135609B7BFD3E4CDB307B44DD63DCBA501D4
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4410
                                                                                                                                                                    Entropy (8bit):7.857636973514526
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                                                                                                                                    MD5:2494381A1ACDC83843B912CFCDE5643B
                                                                                                                                                                    SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                                                                                                                                    SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                                                                                                                                    SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.330306804914361
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Yu2sDQ6Nz6+nyGtVyhgEZUncf0LSXHh9+23otrdQqrEeKNTBXwRf3JBFp:YhszQ+nyGf1EZnf0GXB9+KkRQyEB2L
                                                                                                                                                                    MD5:C7B71E3B7B9886475B9BFE769F881F09
                                                                                                                                                                    SHA1:560CB809A14A715391C9724E1D138B07677AA69F
                                                                                                                                                                    SHA-256:70F9C35AD0E641D52C7DD0B5862A16C6A6A2EFA86F4AB7B0019396C08E31F987
                                                                                                                                                                    SHA-512:8EC1F328A3B972CCE3F990CD6199AC894ED3F8F0C00A2137E872E64FC836F0EF284F856E53D5D16A8C671439A1C55152412AB472B016637518DB3E1B3B427909
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):136726
                                                                                                                                                                    Entropy (8bit):7.973487854173386
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                                                                                                                                    MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                                                                                                                                    SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                                                                                                                                    SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                                                                                                                                    SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.333119899023718
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:qBsWo9R7Og5H6kttwEKHL35XD9muolrdQqrCEBX4t67+OqtKkhJ:qs+g5akIEKHlXD9muERQyPiJ
                                                                                                                                                                    MD5:3A412A9F0D2D74EF54041EAFC34DEAD5
                                                                                                                                                                    SHA1:A206493D10E496A834612116EF4D3C34E134AA74
                                                                                                                                                                    SHA-256:DD00A081DFB22E860FCCD84C30C6ACBF64FFB997C44D0B3BA081E0CC8C9C7B25
                                                                                                                                                                    SHA-512:3B9C03E334263F87310137DFD426D860F35F455505AB09842BA965D4B38392A8173081C1C5F06AFDC3B75AF842B2571E4251F0C9BFE8719F1DD04D790D1A30A6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):5136
                                                                                                                                                                    Entropy (8bit):7.622045262603241
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                                                                                                                                    MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                                                                                                                                    SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                                                                                                                                    SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                                                                                                                                    SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.341693806511469
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:zWQDsGsSXVXPm9UaatFIY/EBuKX+gK9a+W0olrdQqrecBX4A2UV+TOWgOlh:NDsMPmiaa/VE/X+P9a+BkRQyLNm
                                                                                                                                                                    MD5:39811E106EA814C9D4B6CE5FCE2A309E
                                                                                                                                                                    SHA1:8C80B0EF3454FEE23F6599472EB3B502D3BDA064
                                                                                                                                                                    SHA-256:2BEF7D93C19AF9CF1536132D82666C0BA4B7A0FDC32E01B32E2F3F0E32C61B2E
                                                                                                                                                                    SHA-512:057704D82681C59540A23B850B4CE2E3C0A026F2F2671F593B558D26E1AE90872EBF325B2B82632D8A5E4DE3B596E6D5AC2289ACD3AE32D9A924F159CD65739D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):52945
                                                                                                                                                                    Entropy (8bit):7.6490972666456765
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                    MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                    SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                    SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                    SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.435449486954982
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:A9CsUQTXE0UusEbJXbA09SLZRyFU+pKlvGC++sdBK8qz:JsDE0FJbJXM09SLZRyFUv
                                                                                                                                                                    MD5:4685BAE2FD3B9999E2E508E7C4B69204
                                                                                                                                                                    SHA1:7FE72476EF97E68BFB7FBE58382DC95C93DA5566
                                                                                                                                                                    SHA-256:114E619E5060DA1A6370543E07EFA0B905686FCB9631E5A6F89A7147D03C25FC
                                                                                                                                                                    SHA-512:E21C94C630A190158A0E89957C2D05D3EE399DA84D34CC93574C957B5567B898C94E208531FB259213FE9365B2FDB56978F53417F875F3C8269EB2056C4BDBD0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):79656
                                                                                                                                                                    Entropy (8bit):7.966459570826366
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                                                                                                                                    MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                                                                                                                                    SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                                                                                                                                    SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                                                                                                                                    SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.432671833185752
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:S+QsXYVCX+MUEcWXMLDR97JERy21xOYaj:wsXYVCXXcWXMLDR97JERyKxOYa
                                                                                                                                                                    MD5:7E1CFB22BEFBC6BB9B56570133B7F78A
                                                                                                                                                                    SHA1:51363952B36A87758CD15D520B0C3F4F21035C60
                                                                                                                                                                    SHA-256:D229058F80DC75DFA11A3650B4F37B1DB7366AE9575CBBDF07D27A22BBF0B28E
                                                                                                                                                                    SHA-512:E486E46CE6A05AB948EEBFF2B960672CFE40427D3818EB91DA32A5223DD6FF5EF555E8256D99E94A40DE57BB3CF02C9CE36EE3B510377389CCCE2FDBC45BC168
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):40884
                                                                                                                                                                    Entropy (8bit):7.545929039957292
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.3284799323108345
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):68633
                                                                                                                                                                    Entropy (8bit):7.709776384921022
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.42824347474296
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):11043
                                                                                                                                                                    Entropy (8bit):7.96811228801767
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.339647753739301
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):647
                                                                                                                                                                    Entropy (8bit):6.854433034679255
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.262150743442131
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):52912
                                                                                                                                                                    Entropy (8bit):7.679147474806877
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.337395862369932
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:GsDo+rPwVgEkyXf9HjgcRyu0ocKovo34oYocKooJo2o:Gs8+rYkyXf9DgcRyu3cBQ3zTcBZl
                                                                                                                                                                    MD5:24D193033189156A4E35A2262AFD3BD7
                                                                                                                                                                    SHA1:504248B9C90888084B80337E0B6442EB38DA64E1
                                                                                                                                                                    SHA-256:CA11278B24487D1D92D84852F1D053A22FA5B7AE10C13185DFD4439E36398911
                                                                                                                                                                    SHA-512:B48AF84999B48E9103E5BDD6AEEB4372165FCCCD6986F9A851F705DD734DCE2AA4FC27C31060593F7CB39B0C32CEE2FD3A158AB6FE67FC4A6190C461DEF4F654
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):27862
                                                                                                                                                                    Entropy (8bit):7.238903610770013
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                    MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                    SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                    SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                    SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.508593859740421
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:pYsXYRS8Xq2a9TwMt3jAehE5zpuXVp9/90oSsrdqr/BRXkCCNn8sWOfbuUxl:usGq2a9tJjbE5VuXj9/90XsRyp5e
                                                                                                                                                                    MD5:79AF23725176D74CF795F1E4F0F5E602
                                                                                                                                                                    SHA1:228A80599F584530CFFC1F27A7A1D51F05DBD4FA
                                                                                                                                                                    SHA-256:6E7541DA6662551C02A96EACC23F431A670291B0773FA0B5702B002B7B4BDBA3
                                                                                                                                                                    SHA-512:3A6FBE051FFD30B0EB964D00218AF73769FC92064C5C84A6F152E5FBB4C4F5E4D0C2736C826719824164AA018E76A1C7A69512CE4C824D6C06B858D2CEDF15D8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):977
                                                                                                                                                                    Entropy (8bit):7.231269197132181
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                                                                                                                                    MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                                                                                                                                    SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                                                                                                                                    SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                                                                                                                                    SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.344082757377689
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:csdLGkAXaJRXE3ToXA9LC0ERyZwvkjFH/t6:cs8af0joXA9LC0ERyZwM
                                                                                                                                                                    MD5:705774C75D03850D4CB7AE8699FC84F5
                                                                                                                                                                    SHA1:E2C02664F2F2EDB2C1F0BA0A5496EBEAE1185B53
                                                                                                                                                                    SHA-256:5FC39D30B26A8E98619E604BA7615090CBB405B5F255CC6507BE161CB4892BF0
                                                                                                                                                                    SHA-512:2D5447676AD235317C759F8EFD052083DED3FE937C403ECF21B3BBE85982134E66D53DA40BA18C7F3DF8AD4C482189EF5CF4862AE47621134000DC546186854A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):34299
                                                                                                                                                                    Entropy (8bit):7.247541176493898
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                                                                                                                                    MD5:E9C52A7381075E4EBC59296F96C79399
                                                                                                                                                                    SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                                                                                                                                    SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                                                                                                                                    SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.342684302183552
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:fc1s+PDlqtHVZEHSFLCXsI9HcxoHBrdqrSQRXF4GiVAoa/82:+sKlqREyF+XT9HiQRyPYB3q8
                                                                                                                                                                    MD5:44E1D9C11B989AEF1E6864E9B9577652
                                                                                                                                                                    SHA1:FB7BA073376C1C436DC733099CC01A4C9922C1BC
                                                                                                                                                                    SHA-256:99A3F57B066B049DD871F1555F6D87E64EF1812A8ACDEDB72551127E0EFAE935
                                                                                                                                                                    SHA-512:E322E53B0E5D9633DFF935CC39B4936B9B280D73CF4AFC48CD9395863E359794C980E15B5B5E896D7DFB6E60E2010823B9E56899E5E7B0A154FC6F23D4E2325F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):10056
                                                                                                                                                                    Entropy (8bit):7.956064700093514
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                                                                                                                                    MD5:E1B57A8851177DD25DC05B50B904656A
                                                                                                                                                                    SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                                                                                                                                    SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                                                                                                                                    SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.360275503632467
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:SshcCcaclOYK3EfWXXF19/1kRyQ99AcaciKcVcVwacx:SsuOBUfWXXr9/1kRy2z
                                                                                                                                                                    MD5:2B2723872E7441E310F8007DA70A4EE1
                                                                                                                                                                    SHA1:EFB7C22B6A92FCA90C9B2CFEC01A10C656630872
                                                                                                                                                                    SHA-256:3999E1A796CA4A2D80660DAA7967D023D219A6D83A0241B048FBF6F097B7B3D9
                                                                                                                                                                    SHA-512:5696C9E782E3DCFFFDC6E909A0E911B434E3E4E1D250A7E77B8BB45ACF4C80EF543431025C4AA6D4A1B55DA59C1CC1A3464BF88AAC52336CF46C3233A10ADF40
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):84097
                                                                                                                                                                    Entropy (8bit):7.78862495530604
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                                                                                                                                    MD5:37EED97290E8ECB46A576C84F0810568
                                                                                                                                                                    SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                                                                                                                                    SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                                                                                                                                    SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.345295396738291
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:kUzsKw6XSHhrgWxtvlPcEMxyjXygzj9jJoESrdqrBv7RXkmBS88hrODr3ZS+zMe/:kUzsSWxPcEZjXy8j9jJMRyV77
                                                                                                                                                                    MD5:D06C251CE35AEA9358CD9CF4C6CFD2E9
                                                                                                                                                                    SHA1:B8C96F210ED8B40DAD2DC00D3D4EE0DF6FA07D54
                                                                                                                                                                    SHA-256:85738BE61C468E8FECF4DD0AA0E7AC28BD98ED1F4864F64E46741B6B23210E56
                                                                                                                                                                    SHA-512:E409578E4A54B637F84380AB21DB90535B76B5B0BCEB01D35C70E607EF6337362E9328A51F35948B46F21FEF280FC3181803B561648F2CD42D0D377205C646C2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):64118
                                                                                                                                                                    Entropy (8bit):7.742974333356952
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                                                                                                                                    MD5:864EEA0336F8628AE4A1ED46D4406807
                                                                                                                                                                    SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                                                                                                                                    SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                                                                                                                                    SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.332244479498462
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:ecD0sScDglCJOZFtmsImeEpFOXlOA9jToblrdqrvC9ciRXu9pBmMVMupjk89:ecD0sSVCJsF7IdE2XIA9jTwRyv1iW7
                                                                                                                                                                    MD5:8FCF9E228A5B49A15B681741CAF77B89
                                                                                                                                                                    SHA1:41BFC505BB5A643528B8F37A9754EB6205C5070C
                                                                                                                                                                    SHA-256:F323D129372FE27CC2B51A924E84ECE5E5998C55F481DE41BB658F0BE34DF081
                                                                                                                                                                    SHA-512:A44645EF01D893B0258B4A430A0BA2D72CF95087C011E94449FDFAD65AE9D3E22A97F488929987D5B6A59E6F30D01770804BA62C97D05BD0FBE1549F04C11504
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):65998
                                                                                                                                                                    Entropy (8bit):7.671031449942883
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                                                                                                                                    MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                                                                                                                                    SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                                                                                                                                    SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                                                                                                                                    SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):3.2617129017330293
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:2sYVTytUHt65UlZ/r2+F+tUEF2oeGq3XzCW9rS0qNV7oYmrdnkrgWvqjdMURXGIk:2sSHNll0s+WEcsq3X2W9rzqPAR0Tqnw
                                                                                                                                                                    MD5:1E27C8BC7EC16DB725067ADAD91913F7
                                                                                                                                                                    SHA1:63208C321B23A6968AD3EB17B719CFE3FD8ECE9E
                                                                                                                                                                    SHA-256:34D136331527101B8FCCBFF527EE5350850AFD105A1A70D9021D83E4F535569D
                                                                                                                                                                    SHA-512:0BD64BA1109E964FAC9E7E4E455FB64D4D105507FE9A74239484A377B029D20BD6D435AE71204D5344ACC44E9DE77A149B3FEFC125A720D2B0709FBCCEDEA787
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):32656
                                                                                                                                                                    Entropy (8bit):3.9517299510231485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                    MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                    SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                    SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                    SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12824
                                                                                                                                                                    Entropy (8bit):7.974776104184905
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                    MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                    SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                    SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                    SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):32656
                                                                                                                                                                    Entropy (8bit):3.9517299510231485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                    MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                    SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                    SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                    SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12824
                                                                                                                                                                    Entropy (8bit):7.974776104184905
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                    MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                    SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                    SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                    SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.318022734866037
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:YRsJ8QuBTFxcpEyajXJ9TzDRboo34HWuTW1/AYl34HeKh:CsJfu5F6Wy6XJ9TzDRbZo2uTc/AY+
                                                                                                                                                                    MD5:4BCEAE84351909D2E197A016FA1883F8
                                                                                                                                                                    SHA1:A418E422E0B78B0B8856265D7BA583A0F24EA177
                                                                                                                                                                    SHA-256:34A87CDB8F69C1DBE34A60C84C33BE5972D094BDD5FBF2514894E935AD43DE08
                                                                                                                                                                    SHA-512:7ABEACFB18DF287CADAEC87364F6C6B28DBF9451FF257A1B418AB757F48FDF19D50FFE6E2F215027FA4D001641A251A7F992BB98D904AC2A4BBA21113C0692BE
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):39010
                                                                                                                                                                    Entropy (8bit):7.362726513389497
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                    MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                    SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                    SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                    SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.426014223754907
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:9sFu/BsjwGEByVXE90EDwRbaZuTSqFOSoOSqcqX:9sFu/BscjBMXE90AwRbaZueqFxoxqLX
                                                                                                                                                                    MD5:13E3A7611579AF8680686F217FFAA6EB
                                                                                                                                                                    SHA1:AAF8991212F6C08179FA9CE145F5312FA209EECB
                                                                                                                                                                    SHA-256:1B77C1519140B514DEEECDE0855CFB81055429B86515526FA740590695A48320
                                                                                                                                                                    SHA-512:369E5011F80EAAEFD2EF01F0B0573E4200AA4434A9CE948BF8A41C4C1ACEDB6D0D25D010E5934F496E981752DF897DB219DE8E754EC9898B0C997A5E80CD9CCA
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):25622
                                                                                                                                                                    Entropy (8bit):7.058784902089801
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                    MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                    SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                    SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                    SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.293410999125245
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Yu5141JsgNoRU3xF+tG7dEHGKkXkd99UJdb/j4Nrd3rU4xWIdX8SZLMilJ:Y0WLs/OhF+g5EmfX+99CdbQRbKIag
                                                                                                                                                                    MD5:3BCBF376E1112DA7C77D31044D014EE0
                                                                                                                                                                    SHA1:08FE15C151A6986FE2CCF627821057A545171690
                                                                                                                                                                    SHA-256:2FDD94F3A43CACC7E109C6A2CEF3C6425A6340986B0FB5951A38A9A1AF4ED116
                                                                                                                                                                    SHA-512:41B778441B0FDCC4696D8B16B4439620CF23DD24A37458207CFA37A58627202B70604F3A08D22C60BB2214C484329FCB40D02CCA2C70EFC944F8244FB51602FD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2033
                                                                                                                                                                    Entropy (8bit):6.8741208714657
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                                                                                                                                    MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                                                                                                                                    SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                                                                                                                                    SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                                                                                                                                    SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.3615899570851715
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:x8WCs+W2e5QhtvJKEkJLtXt59Iij4lrd3rkx3GdX50BA0ZlJ:GWCsH5Qh1cE8pXT9IiwRb5Nql
                                                                                                                                                                    MD5:A0F512D7A179DD896F8291885BFFA794
                                                                                                                                                                    SHA1:03CABC019ED3B40FAD7E0EFDA1A6EE851D06B99A
                                                                                                                                                                    SHA-256:5E0A5AA98FCDDB4555F49348FAA66CE0045E7929BA8720E3F896492AC65C1B79
                                                                                                                                                                    SHA-512:F9014692831F4B0CB7A53B3B4DCF426CA3608A92EA3827170E4ABEE703000F6891671A0E0C9656DB03E8151492FF1E8D7FD7223616A5B98A1274F372B5607C87
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):55804
                                                                                                                                                                    Entropy (8bit):7.433623355028275
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                    MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                    SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                    SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                    SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.486362193023978
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:YZVsKIlX33sJEDKaE6XD9YkIRMdQzZfl+6g/:0sDnsma6XD9YkIRMSz
                                                                                                                                                                    MD5:45F653960CC3882B09EE1DB8D5298E05
                                                                                                                                                                    SHA1:7DE7568B5635578B6EB4D0719DFC53587ADD2A67
                                                                                                                                                                    SHA-256:73772A1125DFD0DD273EF9E652B07900AF5EF0068F83FCC6F021D5F2666F99E4
                                                                                                                                                                    SHA-512:F8CFEC7BD04F7423A6D7A160D15B6D074DCB03A0A91B27D7977EFA46CA69B523F7762E849F387D34DD1EB5E311E80B2A559D4C3389A1032A3338350F1372E2B2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):59832
                                                                                                                                                                    Entropy (8bit):7.308211468398169
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                    MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                    SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                    SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                    SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.340843270082495
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:bsMd4DLLylVSJNt9tUEQ2IBXtcuB9caIPj4drdMrecNdXNhy4UaHywg:bsiIJT9WE6Xtcm9wPARM/NpSw
                                                                                                                                                                    MD5:D507BAD05D754C322FC7414C0F433EDD
                                                                                                                                                                    SHA1:48082D3D1DCC206482A00C11DC58C6551A5BD38E
                                                                                                                                                                    SHA-256:27866301CAD6E2DE2439AEB2C13C6DA15E7639FBB2D0E08E5054FD1EFDD98BF0
                                                                                                                                                                    SHA-512:49B831AC6F5D7B878922F6F3F9BA6C298CE3FA67C59309C11A2DDAF73E2C95C14319BE3128F4FA770E6C5DB410C211D072DED4D52F951CCD0AD809AD78593888
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):33032
                                                                                                                                                                    Entropy (8bit):2.941351060644542
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                                                                                                                                    MD5:ACF4A9F470281F475EA45E113E9FB009
                                                                                                                                                                    SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                                                                                                                                    SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                                                                                                                                    SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12180
                                                                                                                                                                    Entropy (8bit):5.318266117301791
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                                                                                                                                    MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                                                                                                                                    SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                                                                                                                                    SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                                                                                                                                    SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.34124259494776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:y/BszjAkU7tofNZEPEczowLXrXFe9ssBp5FrdMrval2RQXpQ9wCB:y/BsoV7sEsAowPXM9skVRMvYOZ
                                                                                                                                                                    MD5:5DC255DAF23688175A74C501301DD41F
                                                                                                                                                                    SHA1:2D9AC9C3F47F18BB6F3AFCD55B8720B504959EEE
                                                                                                                                                                    SHA-256:FA24AC61B002D8E68FBC35B75A9D1FC964F64436CF508BF4A4D4C251C19C6D6F
                                                                                                                                                                    SHA-512:5AB6AE19E732513C47D0BF959D8D8D2675B8D008FE282A10AB99884B260753DDACA761396C98D83017B98EF5A73CD6A565AD48FDFE4F283C6D5EDEC9275114D4
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2104
                                                                                                                                                                    Entropy (8bit):7.252780160030615
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                                                                                                                                    MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                                                                                                                                    SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                                                                                                                                    SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                                                                                                                                    SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.35369482763946
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:as3Uo3bZfE22X19JCURMhCDbH1ibtSoK:asZ39M7X19JCURMhC
                                                                                                                                                                    MD5:D9CE81ABF57A74D4F73D7999B57D3588
                                                                                                                                                                    SHA1:468325A3F1F2EC07BB0F09E01A9BC10419F825C9
                                                                                                                                                                    SHA-256:0C1C6D9E518E31815B17A6E367DF7F34461AD5989712849CF5E57728EF78DE59
                                                                                                                                                                    SHA-512:B5E8F8BCBF466B3DABCC93A091571C98F3F9F27880F4D6F88AE8BE54AFF10B20E6C2AFB061947A55889D1EC453E31E40745D7247A6B004FDF4C18304B8E1B53B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):14177
                                                                                                                                                                    Entropy (8bit):5.705782002886174
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                    MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                    SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                    SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                    SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.358903234583222
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:Is5s+KievVyEQWXE9J6IRMkDsWvRK+93F+:Is6jvRQWXE9J6IRMk4Wv
                                                                                                                                                                    MD5:3D5E8CD61096746B4DDE73A332EA2CFF
                                                                                                                                                                    SHA1:596DB23222BEC676F47F4784F3A5B006394DFB40
                                                                                                                                                                    SHA-256:7D0D967B68A831505DC39FD1763BF994ABF28C7CAC83BE26C524869EC4F138FF
                                                                                                                                                                    SHA-512:B9DEF6F67D598BB71B6CE7872706176682EFEBCC670B76AFEAC41EEF488CD572BFA8B1C0246E6675DAA21140F000D0D6161BD7C851A5617B46BA7CA21D2D49DD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):36740
                                                                                                                                                                    Entropy (8bit):7.48266872907324
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                                                                                                                                    MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                                                                                                                                    SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                                                                                                                                    SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                                                                                                                                    SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.4543774617925695
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:5sYsDW6rlMtpXELLJNXLX92Ssfpy5rdMrrDgFXhxlkyE3wg:5sg6ruvEL3XLX92SOsRMrcDgw
                                                                                                                                                                    MD5:67510DDE92FA685E1C8B3FCFFE9716A4
                                                                                                                                                                    SHA1:F30CAD140A78AE4EE38C8F22FBDEBA26E35E3A56
                                                                                                                                                                    SHA-256:0897F7035F1BB337D7A25C717AE4F283BDED5B0FD2001C7FCBD3B9C6D11C246F
                                                                                                                                                                    SHA-512:63356677260DDD6E8326FE74D68B2AFEBE4B3DBDB986B18FD71F50B463B01581B35DD24943D339C1D5FFF75E5767B3E2CC96C1242D275AD19B6E257239F5B604
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):53259
                                                                                                                                                                    Entropy (8bit):7.651662052139301
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                    MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                    SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                    SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                    SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.304110985643156
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:/lJ6s/FtiBMxfGI6ntUo/4EXDJyyXRv8e9tsOpyuSrdMr5nZFX40KDBe0HCGzcSt:/lJ6sXfr6n4EXLXhj9t3oRM9ZtuoS
                                                                                                                                                                    MD5:D2DAAB4D79B9B9598A2302224297316D
                                                                                                                                                                    SHA1:E6AD12AF181AB209F1121F19C90AC51452339A73
                                                                                                                                                                    SHA-256:9C574122A197B2B224058B360B24CE8D1E5B3C2EBCFDA57FBD58566ECD1B0665
                                                                                                                                                                    SHA-512:AC9657DE06DB759ADFEF2F32D9A2B4848A5AC8199FC5A009AF715D572CC5C58D2DDF223DE44FF849B85F67E691D527AE535A61D02DFBE927C75511867F9390A8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):60924
                                                                                                                                                                    Entropy (8bit):7.758472758205366
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                                                                                                                                    MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                                                                                                                                    SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                                                                                                                                    SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                                                                                                                                    SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.367916489812563
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:OJs7tQ04zhY5ENtFw0gsxEJtbXAXeNGwB9tsKpyHlrdMrPwOlFXEU9yIrBV:Is2zW5ENEyEoXIB9tjmlRM4OlJ
                                                                                                                                                                    MD5:159FC211547D2EF0CF5FD2D65EC4B564
                                                                                                                                                                    SHA1:977193324CB47680E3FDC972F0031C7DD850355C
                                                                                                                                                                    SHA-256:DC4CC18B226F81D50B11A39895D6BAE52233E6080EC1FACAB90BBD06E11DDB30
                                                                                                                                                                    SHA-512:8471B3FCADF2A6A4687781E54E30A3122914101520D6977A9B0A314761E519FADB2F69BFA7F293DFFD3C3FF08BB62F0DD644DCA3CF245CBC42D26BC69E1ED261
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):515
                                                                                                                                                                    Entropy (8bit):6.740133870626016
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                                                                                                                                    MD5:E96BE30D892A5412CF262FEE652921CA
                                                                                                                                                                    SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                                                                                                                                    SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                                                                                                                                    SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.3632614768606715
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:OW2sMuRcv7ZUStxxEEPA82PtXht399dsKpy9rdMrppr/VxFXsIUjwkg:OW2sxyZUSr2EPylXH99dTARMbjDyck
                                                                                                                                                                    MD5:96961442033E4409CE034100BD1D3F2B
                                                                                                                                                                    SHA1:4B4A00BBF272B583213872EC93680BB3F37601A1
                                                                                                                                                                    SHA-256:8F74E8B489770E5FEE1756653A1EA3C2681BBA60A402819947B20B75660C5A2B
                                                                                                                                                                    SHA-512:1F46472AAB72DBF85C461F6F9F32357F2C1FC6B1D7EFF010E230052FDE85472337D3723BC92CCFDA9E8228FE42D629D283AFC14830FD88D380696051D1FDB620
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1547
                                                                                                                                                                    Entropy (8bit):6.4194805172468286
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                                                                                                                                    MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                                                                                                                                    SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                                                                                                                                    SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                                                                                                                                    SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.332450249710907
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:TaNsJQTriotWcFLE05WjOXw2R9hUNpyZrdMrPYLFXLlItMlL:TaNsIrioN5EGXw2R9iNERMQLOM
                                                                                                                                                                    MD5:113E76E04C1CF9689CEE7343BCD34FBD
                                                                                                                                                                    SHA1:AACB2B3699F2A5EF83DFBE2D9C3B6A5FD0DD9BDA
                                                                                                                                                                    SHA-256:66D45482F4B946F12D6B7D71A10C3805C9ACD87A0784D3A8108B4CBD26AC67AD
                                                                                                                                                                    SHA-512:79B7F7992BFACC4863703DCC8993D7CA2CA8F27F0A5F4705FF8CB83156F4EEA522DB104D12DB0305CC7A62FF1AA0673DA803C773312E77462F170B195C235E90
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):95763
                                                                                                                                                                    Entropy (8bit):7.931689087616878
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                                                                                                                                    MD5:177DD42CA99CAA2CCBF2974221680334
                                                                                                                                                                    SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                                                                                                                                    SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                                                                                                                                    SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.318318323063125
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:h8sl+t85Y9zIPtOW6EyLgpnXUfHm99UXOpyd/rdMrSDXFX2JqJWZ:aszCZIPWEy0ZXUvm9+eARMsX9W
                                                                                                                                                                    MD5:0F106007D24083CBA47936C6D322DF29
                                                                                                                                                                    SHA1:FCA5786419265D4EC070CD0170CAF23EC7F89D23
                                                                                                                                                                    SHA-256:B072BF5326C9F85CF35B02D404A83EDC5C7800C515FFA35D43AB35E414E82028
                                                                                                                                                                    SHA-512:3B2F5596E36E2F62351FCC5801DC7A0097463AFD9671E930BAB16C6144ED71F9812A9D377AFFCAAF9FDCBDAB754B6014EB4EA9CB26C123BFB228A99913FEC0BB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):67991
                                                                                                                                                                    Entropy (8bit):7.870481231782746
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                                                                                                                                    MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                                                                                                                                    SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                                                                                                                                    SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                                                                                                                                    SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.349483318353951
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):22203
                                                                                                                                                                    Entropy (8bit):6.977175130747846
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.3100453251466275
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):15740
                                                                                                                                                                    Entropy (8bit):6.0674556182683945
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.327188416723624
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):86187
                                                                                                                                                                    Entropy (8bit):7.951356272886186
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.692272147564914
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):11197
                                                                                                                                                                    Entropy (8bit):7.975073010774664
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.319496181267312
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):19920
                                                                                                                                                                    Entropy (8bit):7.987696084459766
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                                                                                                                                    MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                                                                                                                                    SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                                                                                                                                    SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                                                                                                                                    SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):2.9181371423212665
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:hsT8vhNqWFwpE1XN0fAXoCq9tt6kRMHcsrh8UEp8m:hsovh4WF11XN04XM9tEkRM8srh8UE6
                                                                                                                                                                    MD5:82066E83A8D4C1A68293710FE3039B77
                                                                                                                                                                    SHA1:1E6E1B715E044691412CC255CA89166345B162BF
                                                                                                                                                                    SHA-256:1DCAF1CE162A0AC6061E4DB8034D6888C690385ED00DA7E8C0DF498332E59E9A
                                                                                                                                                                    SHA-512:6D24922B2E2B4EC59F9067BC3CDFA5C5B3C70B150493C303ED9C887840326940F4F1DB97F0C2FFAD98FC9BCD740534B37F0341EADF5649B97A30D4940C2A46B7
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):179460
                                                                                                                                                                    Entropy (8bit):7.979020171518325
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                                                                                                                                    MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                                                                                                                                    SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                                                                                                                                    SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                                                                                                                                    SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.3348997114498635
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:dNms5VmtFC5gtEuUE4ugLX7GDML9tsLupyVrdMrr1ktEFXEgsAUg:dNms0C5gSEkX99tD4RMxzzU
                                                                                                                                                                    MD5:302888E535058779FEFA26F6AC55B850
                                                                                                                                                                    SHA1:34190674E6C2FD8D6A009BBD84A70C6EC079AC9C
                                                                                                                                                                    SHA-256:8EED9C28EAD82B682819F54EEC984C2A03D7C8C27F4E43FB883B2741660F715B
                                                                                                                                                                    SHA-512:2FBBA20B0BD193ED8C2C336A0F0DCA0804BA6381420B6AB2ABA0E57E9D5BAE7D4210EAA4A98E461EFC1CFA6E3EC8329614CEBE7C793054248119B5FD65189CAD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):109698
                                                                                                                                                                    Entropy (8bit):7.954100577911302
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                                                                                                                                    MD5:8D804A60E86627383BED6280ED62F1CF
                                                                                                                                                                    SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                                                                                                                                    SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                                                                                                                                    SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.339056441395682
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:Gs4Q0wGhU6rDoEIXgXu9drIRMxVdR3wdqW1EU52Rshs:Gs4rwGhUYVIX4u9drIRMxV7wd71EU
                                                                                                                                                                    MD5:0677F692C005E397E3C2B2BD81A05EB8
                                                                                                                                                                    SHA1:2632E994F4B477E8D18FA7617716D3F8CE09EB7A
                                                                                                                                                                    SHA-256:06DC0D817ACF2B8378BB90CCAAA782858EEADA6BE913D6DD4B33F2FA02712385
                                                                                                                                                                    SHA-512:9A03164B949FDAD433E3C19FA9DD23024D777A2E45720854EC9445893338DE0E232132521EB42F9D1811702949F1B5877702EABE5C6D415E4D542EBECB7BD48D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):41893
                                                                                                                                                                    Entropy (8bit):7.52654558351485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                    MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                    SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                    SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                    SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):2.5681517629668167
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:ZweTWl5PygdCoDlx1ovpljRlqxBlHoRl0y:bTkr+A
                                                                                                                                                                    MD5:C1E40A9716AC103AE3D9C332C590508E
                                                                                                                                                                    SHA1:3A51C42D2CEFE71C9D5B5160936260A1F28D8238
                                                                                                                                                                    SHA-256:AD43AF3D111BB2C366764A4EC0FD5CD753AFEF91FBA6A0B4E23C44FD1AF3604D
                                                                                                                                                                    SHA-512:69C7B2E1F326E78944075A06F7C49AAED116038B3D31CA9256FA81AD2B5A293A0465EDC09FA00E50586366AB49246A626F74046608432B8BD73167176CB3F715
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):3.353125008884108
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:6BF5xfsCpIvnWPL3Hy8joBoDbPUErl7GQ/S3aabSaS/tre43:S5VYvK1/Db8EEQ63
                                                                                                                                                                    MD5:1A12BCE84CF8319A7A102FACF06516F1
                                                                                                                                                                    SHA1:128A9C2871C88F3435BDE5E27F1660156D572436
                                                                                                                                                                    SHA-256:31A625CD9D6D8E01D391505DEF14B3EFF1EAE2339E6B9D3D2E6E9109402AC82C
                                                                                                                                                                    SHA-512:50B22D17EFD662E866AEAD6F2193CEE679B53CE941CE894ED5AE3BEC68B9842A88E80414C7B59FC4AF31E8D8AFA512F5D5BB47CD63A9EF3C5513093BD4EC95C9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):3.900735299316878
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:CksZ8c0ZHwLS/XA0TgtcRzeDScjLqNFG72TB/9O4jtr7:uotFrRze7sh5
                                                                                                                                                                    MD5:F67444ECA5EB5D3DF44E01746161D43B
                                                                                                                                                                    SHA1:29323141715AB1E49A517A131654621F2C9D1829
                                                                                                                                                                    SHA-256:D5789625220DA421074AA1E4FA1F5E2A59C861591DD01B8AA1788FF8B7F9E689
                                                                                                                                                                    SHA-512:E529F884DEB07FDFC029A32E7E4C784E7BD3AB779E278AB0C068E99DEF539E2B1694F49196F6EE34628F1C842CCB1C72DC0BFA52C589019F00552FA6B498255C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):68633
                                                                                                                                                                    Entropy (8bit):7.709776384921022
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                    MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                    SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                    SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                    SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                    Entropy (8bit):4.081458970842574
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:lryLjDOEwhR/VsAxAQJClDFw/T446pQheyLY7TE7SXi6hOoA/RJhnSa4PgfF9YMJ:xyTAyw/Th+E7s2RJeCn6R
                                                                                                                                                                    MD5:5850FC70FFDFCBF74B4A9DB82DCBB829
                                                                                                                                                                    SHA1:8AD4121D70D8E2C3ABDC1C3DD5C7D1725C1E4981
                                                                                                                                                                    SHA-256:D8B4B76DB2D6E8AC954A001458C73A40F0663E71F6487DC01907D2ADCD501909
                                                                                                                                                                    SHA-512:630C86BEB66BD11035D61F55508D8CC1493D1D207F7D4BDAE5137A1F755FA66A103F50D0B38FFF7E36CA12D6B16AF5C3ED453AA97CC0F3B58B27F4C61C592711
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):59832
                                                                                                                                                                    Entropy (8bit):7.308211468398169
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                    MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                    SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                    SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                    SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                    Entropy (8bit):3.243864595389437
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:XYtxVXewD35GHhQrW0YrnDrRJ2z/NUPtkxK:XYtxVXeQJGHhQrWdvrRIz/iPtk
                                                                                                                                                                    MD5:89AC093495AD8657EB27359B1191C632
                                                                                                                                                                    SHA1:FA2FF59AF5521AE56A010B5F45629EC71969C79B
                                                                                                                                                                    SHA-256:FCCE9C2D9C109C645A207AA993FA1D1D5FC45D814FFB5221CB39DAADFB0A71E7
                                                                                                                                                                    SHA-512:6B115E2E36F7273231EEADFB40AC7FD39FAEC656CE9F2D29D11C088F35CA479CD49D2031E1A3F064BF6EE9B49B01468FC21D4455460B58CCFD9EA2E41567472D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):53259
                                                                                                                                                                    Entropy (8bit):7.651662052139301
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                    MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                    SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                    SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                    SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):72
                                                                                                                                                                    Entropy (8bit):2.174652332145903
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:bil9aaHtwaGHRtl:bGXHtwNxX
                                                                                                                                                                    MD5:2FD446F9355DB5EB59C83D2A263377B7
                                                                                                                                                                    SHA1:3C950EEEE222D1230717C0184D7AB8D5C107A3A4
                                                                                                                                                                    SHA-256:54143BCC08DA70BAF3E121F521AE1D4631D56B54C81F4F2A63ABD5EBFCFBFF03
                                                                                                                                                                    SHA-512:F1DD8463133FAAEEBCE84B4641FA583ECE486DFE7EA890F0529BA683AEC01F83832CF919BA24489E06254FD0CC22C35BC01A8404C3BA4CEBC75C81E941C9CEE8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):0.04401584019170665
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:RRk//:Lk
                                                                                                                                                                    MD5:CD74ABACE8A00B17BD8107BC5982C21E
                                                                                                                                                                    SHA1:D53193CF8A43D766FBFA52976192F44D6B0F79B2
                                                                                                                                                                    SHA-256:B670BC07C9CB554511180DCF3F6A2C7818E8CE6E67B84784F0EA4D35EC61D516
                                                                                                                                                                    SHA-512:1B48A37FCF0F9FB9ED9B31A8F3E36596689BF1EEC6F41F5EFA3C728121944919CE7A81F0379A108D80AA051CFEF07DC296F9C0691FC8855983B2F29EC15C7FEF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):0.49435191318762917
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):2.859548322456929
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):4.7563983328261
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):40884
                                                                                                                                                                    Entropy (8bit):7.545929039957292
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):4.414832959313762
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):24268
                                                                                                                                                                    Entropy (8bit):6.946124661664625
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):4.6667550912905815
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):39010
                                                                                                                                                                    Entropy (8bit):7.362726513389497
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):3.916520457794656
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):59707
                                                                                                                                                                    Entropy (8bit):7.858445368171059
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                                                                                                                                    MD5:47ADB0DF6FDA756920225A099B722322
                                                                                                                                                                    SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                                                                                                                                    SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                                                                                                                                    SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):3.859691557142926
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:4s5OWiHtxzwOao1eXFtRl0gXCKBy3W9feMBk38:tIDvao1QFtRlvChGfJ
                                                                                                                                                                    MD5:CEA1D6167EEE508BB892FC5852985714
                                                                                                                                                                    SHA1:270A6EB287148D91B06465950D86B88ABBBD26D5
                                                                                                                                                                    SHA-256:76413C0D38C946C394C3F3F6425AC13072420E5A518781530EC2CAC96989D694
                                                                                                                                                                    SHA-512:4B968E0CCC7F0F32AB2CA6AC1766635CEE2C314877CDDC211AED9B18EAD6BB25482BC1B300638170056ACC572238AA987B1ABAA3D1F30A6E6D40FD02385AE54F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):27862
                                                                                                                                                                    Entropy (8bit):7.238903610770013
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                    MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                    SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                    SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                    SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                    Entropy (8bit):5.3676101163451975
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:vGKT99L2bzvfgYB8xUBxIkn7fCAQsbeAifYkQGlkjP5g8izDHTZdo4UyEDGF/DXS:v/PtY6YIczXRuJ7C
                                                                                                                                                                    MD5:EB44AE95E880F1FAEEE1F6F587292B81
                                                                                                                                                                    SHA1:E55EBB1386EDDBAFF245D21AC4F7DB782EE3D059
                                                                                                                                                                    SHA-256:964B7DE2EC6E9BAD38A12E5547E571CA645D383E4F91B60A8083BB657B90D26E
                                                                                                                                                                    SHA-512:B7256B838A23063BD80FAC4596D89F0A945B6D168C0DE7D4A3B42E835F731D8809AA568D6D169E092C1BEC8F6E89329541612B8C294CA27F60781D4CD7BDC473
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.064674492062062
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:MskGqGGGGHcF/sEau2X+9caTPRLAOGGGssGJGrGG:MsUHcZJau2X+9trRLA
                                                                                                                                                                    MD5:B706A3C6D0ADEDF38F19DE364C7BDA2A
                                                                                                                                                                    SHA1:66E47E1A6CAF529DD39751702899599A4748B8EF
                                                                                                                                                                    SHA-256:37A4F51893CFD0AC7843C3D63F9467F80DA458E3466A6056939CF3ACAA7A7FF1
                                                                                                                                                                    SHA-512:4FAB7333515E33ACD4B1D3B8B0FB2969A1FE90E40572138B888ADECE04E8EA5173A4E9B834938F41A3CA8AD3BEB75D2751466087C6625D8FCDEC012AD6FD915E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.120455743378255
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:FsUBt6/A+kEEIX89HaVTxRya6rBABt0BMMBbBABo0B5B1:Fsct6/uRIX896VVRya61YmMUFYHj1
                                                                                                                                                                    MD5:9B8E1C66561A336E2AD7BBB4D86C1B52
                                                                                                                                                                    SHA1:A3617966FF9FCF138526310520E127519C5D66BD
                                                                                                                                                                    SHA-256:665B16E6CE6BD18247E01EEC3699EE24BE11409931EF9BFD8DD4E1532B7B4812
                                                                                                                                                                    SHA-512:6D1FA0CD3CA09AA6C1E459B177F0A20A8F3DF651C3DBD56F8501D877FDB35DDA8DF474A5A0FE163D3C2078ECB0FFEB26DFD5A18D4E2810AAD5C4A40AA45AC822
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.074697881619742
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:9sri4Jankt/Ja+7E3pDqX5q9dyDtToErd6r7IBdXvXLpIg:9synkZx7E3ZqX5q9wDtTVRiCPI
                                                                                                                                                                    MD5:F5B6E145B1F0A2641155D09DB7A7EA38
                                                                                                                                                                    SHA1:F0E0BA84C34D860B0685E2BEF954F15DF8E24F66
                                                                                                                                                                    SHA-256:86A026DA8F99391AF62CE18F24F019FBFBF8DA5D5DC1CB3648D601C9E6E68839
                                                                                                                                                                    SHA-512:FCE2A426202589358B7076C7D4E399FCCAD560F1E1CF29021C760B7A441F5B2498ABFD29804C7C43D7127C9F8BF91F5511A8FCE8084BDEE29D53A31D9735C399
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.0770943919494265
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:3c2s5avG9xxUTtdE30ElXBXWnjB93etnTo89rdnrQIzdXN2qPJkT3FqrvPog:3c2svxxUTXfEFBXoB9UnTLRrd1I
                                                                                                                                                                    MD5:71502013889D323B3D75E05C6894AE76
                                                                                                                                                                    SHA1:F90FA8F03D427D8FB7AE680A3F272C0AB2D23D84
                                                                                                                                                                    SHA-256:41F4E64411CC9E5A3F0B7E9EA3F2C7937CA998FC9D41C236E6A73647B4EB92B9
                                                                                                                                                                    SHA-512:1DF45DA3F2150A446AF6D5E0E434C32C51921D035F19AB8FDEC72EE85F4C5D10E8BE117AB1D1054C2B8F83C99FA2114F0DA122A14C22303CEF75B39F940BD01D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.074789627853398
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.066210469216517
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.054646094305616
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.07774828303831
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.033151640858347
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.0925928001243905
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.088641297176611
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.098295649149276
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.078898610711362
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.081781970362134
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.077880375969858
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.154221193204216
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.1625276006763094
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.158629761593572
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.1568626297842135
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.14298507374875
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.13037128255259
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.133361693778262
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.111683042798435
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.12944607347251
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.089510148748566
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.143691754198923
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.105891197732592
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.129931906486086
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.100118531799817
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.124716052601823
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.143974573903606
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.145786952487935
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:K8s5VaeRhEyruXI9RyTtRK05Y2KNYAM3z:TsDr0ySXI9cxRK0
                                                                                                                                                                    MD5:42087C6962E5BD9C6DDEFF81943E2E04
                                                                                                                                                                    SHA1:0F4C43F59EB7D90E30F17EBAFD6E2B26F5AE0982
                                                                                                                                                                    SHA-256:30F4FEA097C7CE30A7E17ACC198D5CBFD17F27DAFC02633C306DB805A887EA54
                                                                                                                                                                    SHA-512:B24BCDB9C8EB0550A04599977C9767A78144B037677BC5DA9EA0C7F0B5841F03C0EAE5F95E728695CC4A0421CCB45A51AE27A917AE336725746BF1D968EDE690
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.13129543600894
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:mKXs9QHW7HQtR+K4EJlCDoXHzS9HF+J5VToYrdSrpIFdXbsmkbgtf:mKXsmSHQ+vEXJXu9leVTdRK8eVgt
                                                                                                                                                                    MD5:CF6A9F49A2F82EAD11D46ED017C4A4D8
                                                                                                                                                                    SHA1:506A369ED9B1CFD5B1ED16675F4FE3DDE0F5F1FF
                                                                                                                                                                    SHA-256:08A1EEB60A7E20EAA4F445DA7264EC1193EC7AF483C72430F0AC988B58EA3AB8
                                                                                                                                                                    SHA-512:5C8986D951C0943B9926F7F1D760468EC2278D4DB79AF1406539961C4DD48657C04502AD906C3C4D06F437B484AD7E076945D4A4C4EE2A9EF96541F91C5143DF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):3.7065610193044685
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:0bBf47J9jr2LC7wJEqISpep5EG4IUzE5koc4IzQXLJEH4I82aYW:0bBqXjr2Sw2qIcesO7dUzQL2XuYW
                                                                                                                                                                    MD5:73455C4DC19188D14564C02A65CAA1BB
                                                                                                                                                                    SHA1:8D5F335580DAA0432E5E394085F9ACD379DFC39F
                                                                                                                                                                    SHA-256:D6C32DC436435443AED7819BC91A6C52402F9F95327ED9388E50653FF20108BA
                                                                                                                                                                    SHA-512:D6C6241FA2F68168AFD183590F3A3125B7CC7618A5368874302FBB024CB319942DB5CDAE8D249932F505834480AA26FEA8F54811C799AF674B655CCF238914A8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                    Entropy (8bit):4.576540836916994
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:+lAR8XTT7m0gKTm6ibuoAFRtHPHB6uNa7eV4iA8kGkI/GN+HeInNch1b+2:+lA6XTTi0gKTm6Au7FR1PHI8aSV4iA8i
                                                                                                                                                                    MD5:ECCC218249FA84840BD38E28F6F71660
                                                                                                                                                                    SHA1:1AEE0396C9D6B13E38F2CFBAA181CDA6037031D6
                                                                                                                                                                    SHA-256:65E4D74FD2615DD499BEDE663C9B26ADB00D592AFF890E999FA84A4079B6AB90
                                                                                                                                                                    SHA-512:F10006A7642E7CB0571F24CBAFF085EC5DBF37D492775C01BBCB3FEEBBC112BD09F6C616ACC5AB42554C9F4B2C99F3C97541F319A0DF0811B1042B0CFE517563
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):22203
                                                                                                                                                                    Entropy (8bit):6.977175130747846
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                    MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                    SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                    SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                    SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):3.958850587377326
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:aopDsvAyLEByoXBZdDLoR/JDdyeySeOudWE8N9DkHGJk+yXxe:aopDsIyLE8oXBbDsR/JDl2p8N9gHGmz
                                                                                                                                                                    MD5:7ACB3BE45E14AF6883D8AAEC527E7E0A
                                                                                                                                                                    SHA1:F89E6D62DFBEBA5BF6B302346DC506511966218D
                                                                                                                                                                    SHA-256:12094E4A61BB5B124F94EFEA4303CFCDC4287E7ED1FDC51DD368E85DEAF6B1C5
                                                                                                                                                                    SHA-512:F65A06F1A22E9CD91A5594BA6C55DE9AEBFD69F14544CEB6D7D444CA9DB0EE3CA69611C17AA843FE01FA23B6FFFA4623711A4C44E54E8A247C11BB2500FDA031
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):52945
                                                                                                                                                                    Entropy (8bit):7.6490972666456765
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                    MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                    SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                    SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                    SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):3.531895520288043
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:qsHqVL1xBinHD1kX8REYuHRRtV7fTu0Lxtcx1sVZbI29c1H4Mt6J:nYcnHD1GUEPHRRtVXgx1AZbImc1H1w
                                                                                                                                                                    MD5:44D88CDE1973C75E93AB2DD28123C9DD
                                                                                                                                                                    SHA1:55DBFF8E830BDD787D3AA1C670C28436A48A60FF
                                                                                                                                                                    SHA-256:7508838DC3F7C65F98175B4683C50E016FD1649C8DFC47ADE84DF6E44A42F026
                                                                                                                                                                    SHA-512:4EDDEE162E437F50A73F5BA09DAF007EC8BA88A7BB032C855543C6397D781882260B39778800CB2008BC84CB4C53FD159EA2C111016EAE359300FBCFB10BC462
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):25622
                                                                                                                                                                    Entropy (8bit):7.058784902089801
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                    MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                    SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                    SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                    SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                    Entropy (8bit):3.202755048126972
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:5NS8H9JU32V2BFDZ02KZeOH2QdD29LykvZaiRS22Yl8Z3ZvLuy812JZHiNCSH:5NS8H9JU32V2BFDZ02KZB2QdD29LbvZT
                                                                                                                                                                    MD5:B847A75C8308056DAD2ADE6142235979
                                                                                                                                                                    SHA1:9E62C2273E6FBB0C2AA4CD5F1A08FD587C477FA0
                                                                                                                                                                    SHA-256:4080B172EA86461A7B5852AF4391DA7EF73BFD03DCA93D2EDE59930160F2C7F1
                                                                                                                                                                    SHA-512:76D8C87B26E9F3B315695D4E2EF74B8A47CDC8B0B75717C0F9148B15EA8A6729B941373E7D6A420716D3799ACBB0365EE6BDAB925960F302890C8A76A77BBE7E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):15740
                                                                                                                                                                    Entropy (8bit):6.0674556182683945
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                    MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                    SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                    SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                    SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):3.7883717773264047
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:dshHLabw0rqSgF8tuXsdgQwRtxmyqCX0ivE3ugW4XK999trX+MXb1+jCMQpbdh2e:ihHOM0rq3TsmQwRtEy50oruXK9/1+Eia
                                                                                                                                                                    MD5:54F222239E186A4042E0C1A49A06369F
                                                                                                                                                                    SHA1:4C71020FA19762989B48B71F3E76E900C667B3B1
                                                                                                                                                                    SHA-256:A301B24F836CE8EE46EF9FBB5AD4940CB095CF221B598E44244A2125FE97C4D1
                                                                                                                                                                    SHA-512:6BEEBF660815606DEF2D5A8E9351D5C37AA618B4F89BCE26FCAE1970AE46666C13F0D57056B04F0F0F3FE3B87EAF067BA25687BFCC80E0E120174D5E5B1035E2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):55804
                                                                                                                                                                    Entropy (8bit):7.433623355028275
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                    MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                    SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                    SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                    SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):4.701073859086095
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:KsO5uZJqf45BfEQ4wqoSQAi7PWtH2vb/6XLgmzzYRtxcLf97FSKfc9Wbi:HO4Jqf4TfMwqoSZiTU2vLU9kRtuLV7F+
                                                                                                                                                                    MD5:CA2AF6F3F63E45A4C59C294DF8A84747
                                                                                                                                                                    SHA1:D0D185930899542582EAB7D31788A6587511FE9C
                                                                                                                                                                    SHA-256:7159273A5AB77DEB7BA0ADAE7797982ACFCC702D21256C5F295CC5ADB52B02CB
                                                                                                                                                                    SHA-512:DA30E944BF55E20FB5EC76C016E705594269E3960A0ACEF65E89789D72A91A3D4405185C19D92A52B5F8EF06ADE948B547DB6D0225C3C9CC734DD0A6C5C8B8F8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):41893
                                                                                                                                                                    Entropy (8bit):7.52654558351485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                    MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                    SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                    SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                    SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):4.57846078803772
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:PsjjOtAXpF9eA/OKBP3dU1NSW6BT/uJ2HqyULXSV6/IP6Rt5DdtFP5K1skkL9Ifz:EWAXpHz/O2FU1Ill/uJWq5jzDRtTtFPg
                                                                                                                                                                    MD5:7AAC3526F266BA78909E0E67BCF8D4F8
                                                                                                                                                                    SHA1:392DAAC752C62644CEDE3CE768E65BD0A286C85C
                                                                                                                                                                    SHA-256:932BEF80D25DDC3429EF4762E60D284E5838CD2E0C0B8BCF62AD377AA8C404C8
                                                                                                                                                                    SHA-512:E9827D979FE2DDFA4B59AB8DDEDEBA7B9603936A20251FA79F3A4190B7A2CE5DB3F4A758ED567F2638F95D5BC23DC92E9304F90944EA6C2181865F80774C1B92
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):14177
                                                                                                                                                                    Entropy (8bit):5.705782002886174
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                    MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                    SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                    SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                    SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):49152
                                                                                                                                                                    Entropy (8bit):4.627609622733788
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:0QRVIpkBg3sXNKuVUGVk5o/xfJmzLThsB0vP6um8pKIab/1tQ787HCvXMRd6Qzsi:0QNm8NS5F7h3jHCi/idG9YOB36eheV
                                                                                                                                                                    MD5:C6D41FCF82EC9BB15A32E65E6A7B4A15
                                                                                                                                                                    SHA1:580E8279068CC5B084C8B8479B1D72492A4C0FC3
                                                                                                                                                                    SHA-256:CBA64B77D2D375648DD5CD418CA3566A2FBE0135653571E6843154AFB33046D0
                                                                                                                                                                    SHA-512:230859357CD1EE072E19C9E1E90E663AFAA3DF4CBDD043250947E730D03E040836B5B6928EC036A6DFD7C6DA04124EFF80A54B6F525BEACBEA390C1E9A77F6ED
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.344377729821398
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:gxsGkDkFkezqOE88X5F9FRGRA9UBhkFkVykYkKky:AsHoSezW88X5F9DGRA9U4SVrxj
                                                                                                                                                                    MD5:DB0DF982682B97EAD4344A71294E68FB
                                                                                                                                                                    SHA1:5BD5D1F04413D77A6351DD56230242E64F1BFE6D
                                                                                                                                                                    SHA-256:1EF6EA91EEC5D097735144AFECFC8F970B396AB06055797F007E8C4453FF4F2E
                                                                                                                                                                    SHA-512:0AC44591828FD2688291278FB790CEEA0EF3477ECF763A5AAC1C5D6F25D6D420F2FC9B46370F82F2A7FE7618E844CF23F40D92D22F0DEC7966E01F26FE543D20
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12654
                                                                                                                                                                    Entropy (8bit):7.745439197485533
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                                                                                                                                    MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                                                                                                                                    SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                                                                                                                                    SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                                                                                                                                    SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.327534495791936
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:YsQL94sKattdmOEp83X68U9zd5csSrdhSrH38xoktXqQ9XHV:YsVs3vEpuX6Z9zd54RA4vP
                                                                                                                                                                    MD5:435AE9F3CC8B1A1FA9752AC458667D87
                                                                                                                                                                    SHA1:FBBA6C3724893CD88A9FE853D1E30443A015E424
                                                                                                                                                                    SHA-256:B100DFD25DC433D4A5562D00B80B9AFBD6296C3DB1784DFD79C38764DCBEBC42
                                                                                                                                                                    SHA-512:851D7DC45BB181879CF4D71DC7A14F45106C0592E603E0D5D777154D59875C12B7BB475EB5711CDACAB57C6AD0EA6A09382B13E6CB7817B73DFD77D51618BC2F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2695
                                                                                                                                                                    Entropy (8bit):7.434963358385164
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                                                                                                                                    MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                                                                                                                                    SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                                                                                                                                    SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                                                                                                                                    SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.359088401983543
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:gsbvzsCcY7E/7+XcxB9lhURARfzsvE3xB:gsbvzsCcH/7+XAB9lhURARfzsvE3x
                                                                                                                                                                    MD5:09E25CA8E1D0AE84E08AA5709BDF8C73
                                                                                                                                                                    SHA1:9E4C04A0568FB22DB001A786281F6B6251F6E933
                                                                                                                                                                    SHA-256:175E2932B5807221730A6C986089AE2020BFBAD4D86B783C29A1462B93266DFD
                                                                                                                                                                    SHA-512:AC100D4E56DC06F89572A1B349FA8A6364A44C4AAEA7DAE90F0014FC940E2DB514E812AE69E6ECC54ABB77641DBD57EACE16D84982FFEE5E98B18802248A159B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):11040
                                                                                                                                                                    Entropy (8bit):7.929583162638891
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                                                                                                                                    MD5:02775A1E41CF53AC771D820003903913
                                                                                                                                                                    SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                                                                                                                                    SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                                                                                                                                    SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.486216847635323
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:GsBR+BuCV7a5tNxtUEP3F7fXO9ryuAccwrdHrFd9CxtX9DvYT8Jn:GsWZhaRxWEP3FLXO9ryuAeRLVCxvC8
                                                                                                                                                                    MD5:AE7666FE283C239A4A5C2E3A570522E1
                                                                                                                                                                    SHA1:9712599CDD9D064D921E4EC09CF9338FB7707B22
                                                                                                                                                                    SHA-256:3EC673D0C5C8F9294199FCB464CE6FBF0EBAE8274342524F0B21A9E02191B66F
                                                                                                                                                                    SHA-512:74C93E3B894BAEF3E707B5A1DB9184C69C2D2F52B64ABABE268D1FCC95ABA6E861F84337691D56016E8FB3C82E5B81DF61E3C5EB220A319ED21A388A0E65E7BF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2268
                                                                                                                                                                    Entropy (8bit):7.384274251000273
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                                                                                                                                    MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                                                                                                                                    SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                                                                                                                                    SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                                                                                                                                    SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):784
                                                                                                                                                                    Entropy (8bit):6.962539208465222
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                                                                                                                                    MD5:14105A831FE32590E52C2E2E41879624
                                                                                                                                                                    SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                                                                                                                                    SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                                                                                                                                    SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):2.741499649342137
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:1s1ymg+9VkBuspWEVPXP9oWhRQ5mIlje:1s1W+kNdVPXP9oWhRCVj
                                                                                                                                                                    MD5:3B3F27B1EDFC578B753658350B14841F
                                                                                                                                                                    SHA1:8D93306C580548598F32F8B282D279D64FCBD3C7
                                                                                                                                                                    SHA-256:B8A30A77F07D5AFDFB53BC93B60FAD7DEE3FE3C1FF39A2F04DBD0AA2247DC025
                                                                                                                                                                    SHA-512:044718C00662C8D8B35821A1520DDDD79B9EE91AFA36D65F6AF207AB96389E97D6C739E3927EBE44CF7A84FD67E0C4A69B6CA7E0EE952E8DE838498CB4B9811A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3009
                                                                                                                                                                    Entropy (8bit):7.493528353751471
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                                                                                                                                    MD5:D9BD80D40B458EDB2A318F639561579A
                                                                                                                                                                    SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                                                                                                                                    SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                                                                                                                                    SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2266
                                                                                                                                                                    Entropy (8bit):5.563021222358941
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                                                                                                                                    MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                                                                                                                                    SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                                                                                                                                    SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                                                                                                                                    SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.357516738627187
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Yu2sVBPX1nKmKtKLEgdMWXT1zW9eDoRrdQqrCBFvBXxNpgA5:YJsrlKmKqEnWXxW9eDARQygV
                                                                                                                                                                    MD5:90093FC670A8D636F47DCBD118007853
                                                                                                                                                                    SHA1:2F7C4D8CD265F93C2243C1046C934BF850E057D2
                                                                                                                                                                    SHA-256:43162BA687C89FAB55D39E2D664F775E5403FD3199F24053C9DFD1BFB43D5C15
                                                                                                                                                                    SHA-512:A101AC083CBF0B5288AA1B5CB053738756198436CD94D9319FADBEB7E8548C2F8F08C614B00B5EF1002B6B80C59EA280255538595D98A965B31D20E2B1A37A47
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):99293
                                                                                                                                                                    Entropy (8bit):7.9690121496708555
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                                                                                                                                    MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                                                                                                                                    SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                                                                                                                                    SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                                                                                                                                    SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.37368650950026
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Yu4dpXsXfakQx65g2stfilxEVpygkIX1vGkI9+/oprdQqr2rBXnIsH8oB:YJDXsi5k/sOEPTX09+/QRQyoGUh
                                                                                                                                                                    MD5:A157447A0014C935474E67F48D57692A
                                                                                                                                                                    SHA1:7F69DEE0240689B870554B1C0261B1B61EB6E687
                                                                                                                                                                    SHA-256:0A277DDC778401D5328240E6921135B42160E3C538B4031B4691B38708F06B90
                                                                                                                                                                    SHA-512:7C2CBB0FE6AAD282F51A3512D617E96FA1B3B4FBAFFED2B39146010ED073ADE57BDEAF4C72FCC6CD0BF05E94AE670A486DE2E8CCC6A6B5C1DC708748D3549A72
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2898
                                                                                                                                                                    Entropy (8bit):7.551512280854713
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                                                                                                                                    MD5:7C7D9922101488124D2E4666709198AC
                                                                                                                                                                    SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                                                                                                                                    SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                                                                                                                                    SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.336928442001352
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:PfysVvykaEShMXnrt9MmMRQyRz1HM6Lg:PfysNyITXx9/MRJRJz
                                                                                                                                                                    MD5:36414FF67392344CCC64517F21561ABB
                                                                                                                                                                    SHA1:C213ED14D5A5F7B489C789C55F7325C98BABEE61
                                                                                                                                                                    SHA-256:29353355DB9BBFC671C8D03CE543E2A841B666AB2F5A29F1D78F8FB373264CA8
                                                                                                                                                                    SHA-512:274EDB893EC4AE56B221EB8B8382838BD065713AF6A471D840E7DC9061B727A9B5751507A212E1B89485D1B21DB2F10858C2C99817BF5FB1128FDECFF89FAE15
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):29187
                                                                                                                                                                    Entropy (8bit):7.971308326749753
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                                                                                                                                    MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                                                                                                                                    SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                                                                                                                                    SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                                                                                                                                    SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.346631452860475
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:DL41ssbh9amy1+tWJEYYOt72NX1+92folrdQqrsVBXJU9zPf1:4s1h1+kEYY6mX1+9Q0RQyYWX
                                                                                                                                                                    MD5:9F4066587A70406EEA89328118A593AC
                                                                                                                                                                    SHA1:98B0D9C2C1E9B4C683A4EC2ACC014DBE6C19369A
                                                                                                                                                                    SHA-256:9DCC6FD99F39EE171343C8084EC9FA24521C7858C35EA650E273F225556C3278
                                                                                                                                                                    SHA-512:70256AF882EB818D4C750C858D45B8B2B901660209477B88401522DDE8C6F7D4133770ABE27631B0B1EFFE59E24FB8D272EAE18475C82847A055EC83AE195312
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4819
                                                                                                                                                                    Entropy (8bit):7.874649683222419
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                                                                                                                                    MD5:5D6C1F361BC04403555BE945E28E53FC
                                                                                                                                                                    SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                                                                                                                                    SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                                                                                                                                    SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.356843353576967
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:usTFbiDS88+mt7PEnV59vpXvLp9WdoFrdQqru3E5UBXT7kHa4V:usEDS88+mpEVzvpXvLp92kRQyz5UZm
                                                                                                                                                                    MD5:6EE6B610F0DA9CD2C56E3B1F03F49316
                                                                                                                                                                    SHA1:BEB150FFA8745022F64FA5F416559167304AD5D0
                                                                                                                                                                    SHA-256:6A0BE094E307B6A4AA3D382B5DFF8E886B610DD9331913764AB00CC998283B1F
                                                                                                                                                                    SHA-512:024888DA3ACEA458F40149F1AF4D1AA260C6767C0AFAFF26B5F067741145161F5F6D495C727B9179FED3397C70B58E3505FE828E7C3B0A98FF18C04DC637408B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1717
                                                                                                                                                                    Entropy (8bit):7.154087739587035
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                                                                                                                                    MD5:943371B39CA847674998535110462220
                                                                                                                                                                    SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                                                                                                                                    SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                                                                                                                                    SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.308549188122126
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:us1CsgopS9EKd5xXSI99IRQyjJi/xDV0:usosgTaK1XSI99IRJVi/xD
                                                                                                                                                                    MD5:248154952B54B65B7AA1E769A7F29FB6
                                                                                                                                                                    SHA1:301FFBA2E58239CFEBD509E55D7CD145A14D2C83
                                                                                                                                                                    SHA-256:65A98B4BB18D79A173A8004DADA1E2B91B34A4E046EFD8BE3C3BCAE0484F581D
                                                                                                                                                                    SHA-512:0E9E0E405A33B29A9C0BFEEDACBF4BD59300718BC94AD6E070BFF26A808D12A92856BD73675C20C637D1D403A487A256CDC9F6169F6AE8F381D08D349159D5A1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3555
                                                                                                                                                                    Entropy (8bit):7.686253071499049
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                                                                                                                                    MD5:8A5444524F467A45A5A10245F89C855A
                                                                                                                                                                    SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                                                                                                                                    SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                                                                                                                                    SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.317369559616249
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Is+Ws7Q2T0tglDEl1XDeF9WloBrdQqrbwGxel2BXzE96ox:IsW82T0aEjXw9OQRQyEN20
                                                                                                                                                                    MD5:A32FBDFDB37DF7CC938B2A4C4CDBBB63
                                                                                                                                                                    SHA1:836F6061CCF78A0D578A510F99D9EF67F97EF6A5
                                                                                                                                                                    SHA-256:B86F3856B7B0F5FF614A438FB95E987E1B4C45921BE973E6697F7655175B093F
                                                                                                                                                                    SHA-512:C9A62BF389075B8DCBEF4FC552DB5B6DAFE6A77B65B55AB00AC4B5E524233F38DDE50E5223D3202BF920BD53C6D125A84ABEF03A9478BD0CF836B1EA32DAADC1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3428
                                                                                                                                                                    Entropy (8bit):7.766473352510893
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                                                                                                                                    MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                                                                                                                                    SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                                                                                                                                    SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                                                                                                                                    SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.34779154360075
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:5mBsnKEaLKMtn6LoEXNrx7dXgz9FsdeogErdQqrlUIaBXo09ghcJ:5mBsnQKMhEXNrxpXc9FdERQySXWc
                                                                                                                                                                    MD5:3246649BC5618388A38AA31497DDBEBC
                                                                                                                                                                    SHA1:0F5BE20D5CFEC88D50C12AD12CAAD2615511BE2C
                                                                                                                                                                    SHA-256:EC3933D9EEFE15B41A567A44D10AEF36A9EEC74414DB751CFDBD1CFE1233E1C5
                                                                                                                                                                    SHA-512:4F127D1C9BDEA666E8CE546ED4280835CA99CD5B62A8C0D355ACE0B9BF49C74497A90102DEC1B5C0491765DD1F51FA246433F729F3DFDE3732CBA68B0BD7069E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):65589
                                                                                                                                                                    Entropy (8bit):7.960181939300061
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                                                                                                                                    MD5:8B48DA9F89264D14B83FF9969F869577
                                                                                                                                                                    SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                                                                                                                                    SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                                                                                                                                    SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.344804100228283
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:dQshQZgv7P5Emd4Xl9GARQyVqduZoSEACm:dQshQZQ7+mCXl9GARJVqduZoSEAC
                                                                                                                                                                    MD5:3335A1AD2E880E4DF4103D5C82B3E4BD
                                                                                                                                                                    SHA1:1E43668908E3CCDA25CAF08B5E13FCCFB2FEE553
                                                                                                                                                                    SHA-256:31C42A2C647E245BDB302B21557B0475035800CF01848A802CF1135CD45374CF
                                                                                                                                                                    SHA-512:87DBCC748C4DD2A529B2E1817554B277601EDB86B4F36E5E93CE6E8613B011DE566E89A60862FCB80575C51FE04E83EB63BF1E021F703CB7FB0C7D972F99F52A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1873
                                                                                                                                                                    Entropy (8bit):7.534961703340853
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                                                                                                                                    MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                                                                                                                                    SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                                                                                                                                    SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                                                                                                                                    SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.464433240703984
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:Hejs4gR6yUWEdcX1c9TIJRQ5fVo7cZ5oy23:Ws4g8yU6Xy9TuRCfVowZ5on3
                                                                                                                                                                    MD5:A9D10253E91B34290AE676843214F861
                                                                                                                                                                    SHA1:1F92B16EF79D8BCCD7F4E581ACF51B1B08BC531E
                                                                                                                                                                    SHA-256:CC32C7DAD2A7E0496813585F5FF67641FA192AFEEF992334669C311742324DCA
                                                                                                                                                                    SHA-512:D230D4F145AD66B5483E2CD0B2C47C524333B958BAF205FC1EB17185FD5CA2818DD1F21E7E0B01EBA9CE30DCEC79A9C4F86671D1F6FE85EEF75CC0CC1163A2E8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):5465
                                                                                                                                                                    Entropy (8bit):7.79401348966645
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                                                                                                                                    MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                                                                                                                                    SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                                                                                                                                    SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                                                                                                                                    SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3361
                                                                                                                                                                    Entropy (8bit):7.619405839796034
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                                                                                                                                    MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                                                                                                                                    SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                                                                                                                                    SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                                                                                                                                    SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.338776747258325
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Ks1ciLYRgLdtK66Usm/ED5oCpXcw9uzoRrdQqrPCGh8+BXHhfW0tDlp:KsggLdQKE2WXJ9uzARQyPCG++vRDl
                                                                                                                                                                    MD5:272D5DCB4ECFC10F30B04BADEB573A3C
                                                                                                                                                                    SHA1:BB3E9F3503604959EA653A3B66E8A504A795AB8D
                                                                                                                                                                    SHA-256:493181A1473A0D9B013BFD1A6E0FADCC04CE2DC75C0A9F839378659660C0F430
                                                                                                                                                                    SHA-512:B5D96160482DE9A6793195217F198D63F54C9DFE78C9B15AA4BDC356C0AAB4F23326619219D3311F6F7316CA9124E7224A660F5F959CE32F44EC402D3E89E8D4
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):140755
                                                                                                                                                                    Entropy (8bit):7.9013245181576695
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                                                                                                                                    MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                                                                                                                                    SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                                                                                                                                    SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                                                                                                                                    SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.365943170174532
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Yumss1c5FikEInlN7t71ZOxEuVLmRXv89SuooysrdQqrzwJYkBXx9YZ+GG:YpsL4ClN7h1ZyEuVCXk9Suo8RQyfkf
                                                                                                                                                                    MD5:BDAC92271AB9301470C949BEB6B44EEB
                                                                                                                                                                    SHA1:A6C00F91C23E0EB92632B3D56723762488E3E9A1
                                                                                                                                                                    SHA-256:9C31BD8CAFC86DB3137F68BBCC85FE72914108E9C378FE69C56318E53D5F8079
                                                                                                                                                                    SHA-512:EB43918A8CD6286D465A5BA60BB224FFC7446B50E61CFFB2A78D44ACB6D940711679D4AD64C352F861FC0D5450668B21DF0CED64419D7FFF7C6B3273C85CC577
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):129887
                                                                                                                                                                    Entropy (8bit):7.8877849553452695
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                                                                                                                                    MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                                                                                                                                    SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                                                                                                                                    SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                                                                                                                                    SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.349998409272559
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:YuaVshdcig7EEbtgTXEr7LnXwF9o9pJoVrdQqrbieBXrlXGcp:Y3Vs7Dg7TbODEr7bXwF9epJkRQyeeOc
                                                                                                                                                                    MD5:268C4A7767ECAC0F6D56E08ACCFAA849
                                                                                                                                                                    SHA1:0FBE4D0DC21C0E552D339F086C3D655BFE218494
                                                                                                                                                                    SHA-256:F300B0795B5CE68CE9A487F10E18D12C3EB43D0D411935B60FA437F93D01E639
                                                                                                                                                                    SHA-512:CD26DA5CF7C77A7BF7599845D3A7942382576FAAE58DA7E5F460D7315CADDC6663EC162385469B3A51130DDB27D1C7590EDF9FA2EBDE9D3A195E1B26226F1371
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):84941
                                                                                                                                                                    Entropy (8bit):7.966881945560921
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                                                                                                                                    MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                                                                                                                                    SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                                                                                                                                    SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                                                                                                                                    SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.327824874825786
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Yu1cbcpesEvtFvgpt8r+fEe+hTXU9CUolrdQqrjxEccBXSZbVN:YQiXscgpnfEPxXU9CUkRQyFEly
                                                                                                                                                                    MD5:704ECCE9690E16FD190313A39A85E001
                                                                                                                                                                    SHA1:6D81AFB18EBACB30A09D751C88FD4B5A4B13893E
                                                                                                                                                                    SHA-256:C69718F039E10B3C2DA0450268F2A5D2BDF07DCFC81B7490989016C6A32B018D
                                                                                                                                                                    SHA-512:F80228840EB7642B8ECE3B054B18D953F6EB8A1EFA36C61D5BF68120130F0A34615C19F327BCE648C96D9C709C09FD366AD65753309FE9C4C4B3083E2BCCE05B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1569
                                                                                                                                                                    Entropy (8bit):7.583832946136897
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                                                                                                                                    MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                                                                                                                                    SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                                                                                                                                    SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                                                                                                                                    SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.329641296414055
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:4sbzwwRWcAykEplEXQ79qUoRQyMS4bTwHHNTq0bOxW:4sbMwMczplEXo9qUoRJMzwnNT
                                                                                                                                                                    MD5:B7670C1C431636CDF412211E3FE0F345
                                                                                                                                                                    SHA1:0B685C2F49039A9122E0D58B516F957FD1D9815D
                                                                                                                                                                    SHA-256:EC5A663FF13EAEB7A936492ACF8FDDAD7A881F7FBD7C1AF822899C518BC603F4
                                                                                                                                                                    SHA-512:C6D413AAE040B831258EC7C124776D4D80CB19C97973818F430A3ADDBEE29AFF03FC6762F7A2FBA575D93622F05A43523280F21B639E7591558D1F6008AFF0B6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):40035
                                                                                                                                                                    Entropy (8bit):7.360144465307449
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                                                                                                                                    MD5:B1DDD365D87605F96D72042CB56572F6
                                                                                                                                                                    SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                                                                                                                                    SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                                                                                                                                    SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.607142099692814
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:xsSp40S09EtL9R1E3/L23IXII9ozlotrdQqrL6BXdYDd5d:xsd+9Ep1E3/xX59ozlsRQymAj
                                                                                                                                                                    MD5:ADE97B0517A7BD0ADA4C9D792058DAD3
                                                                                                                                                                    SHA1:B33C7C186782F412813694A2E28E81ABB174CE29
                                                                                                                                                                    SHA-256:A349F5A667E5CD8F01CB925AD38111DD9F5DACF52510956E55AC749981F95A05
                                                                                                                                                                    SHA-512:E43F8610A021D95CFC3D9ED3C84AF16B06F80A2FA016DEDBD3F63FC3AE88CD2C095BB04E11ACED85BA84D92F69965C231A68103FA28A6930CAB9FE635003D037
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):242903
                                                                                                                                                                    Entropy (8bit):7.944495275553473
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                                                                                                                                    MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                                                                                                                                    SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                                                                                                                                    SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                                                                                                                                    SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.309143139623511
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:YuwoesVjKu6ie2cktby+EXMRLrXoB9OIoblrdQqrvV2BXO1Cux:Yj9sMuJpckh5EXMRHXoB9OIwRQygC
                                                                                                                                                                    MD5:ABD31199D3ADEC5974CE11F711357FA3
                                                                                                                                                                    SHA1:0823ADE8CF392182D255A7DF9A1AA2FA02597501
                                                                                                                                                                    SHA-256:9ADB16942EABE7A0E902454369E42C57E31B80F103370BEF749F1DE8AA160243
                                                                                                                                                                    SHA-512:C21C56B75491CC62E5E50A971FB895DAD0DC23A2D13E26186A0AF346835333983721E64DBC750C7BD166927B14AF4E8D9FDBD972F535F12973D48BDA83CDF8F5
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):70028
                                                                                                                                                                    Entropy (8bit):7.742089280742944
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                                                                                                                                    MD5:EC7811912ACA47F6AEB912469761D70D
                                                                                                                                                                    SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                                                                                                                                    SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                                                                                                                                    SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.352524411915079
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:2sJU0HxzKmwY8zdE5VpXr9C9wRQySz0Hx9sl9Vv:2stZKmlU6XpXr9C9wRJSgi
                                                                                                                                                                    MD5:42469BE86D3291DFF42C37C46049E28D
                                                                                                                                                                    SHA1:98848CE9A84A7EDD27BF918F8CA5D6DC38FB6B1A
                                                                                                                                                                    SHA-256:02BD8D1BDD9A491657CD715DF9FCDC3477EBE5116727D001DEF0497F54298A63
                                                                                                                                                                    SHA-512:175EDD25C1AEF2B2A6AEF21F45B6E69E86E3F4BDBBE73A6A6EACE60BC852D8DE61A6B4C4BCE24A6FA2C60243F118FCD5503D4AD9DA70B5B8ADAACA41D7F589A3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):24268
                                                                                                                                                                    Entropy (8bit):6.946124661664625
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                    MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                    SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                    SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                    SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.345719350019819
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:h4saadmAtdEv5dSMta+tZJQEr0AX+Q9eYoqKrdQqrDxzM1DBXWgcGd0dioPWIEC:h4sUv5dSMtjyEFX+Q9eYYRQygDl4H
                                                                                                                                                                    MD5:6128F29B46A1BDE4B52EC14F2E5C2C74
                                                                                                                                                                    SHA1:19EEB1000902D06B2B9D5F5EDB76CA2A72EDBAAC
                                                                                                                                                                    SHA-256:BB75404842E6A18F4B186569229CAE09E46B04DE2D83016EBF9EF3087E9E4CB6
                                                                                                                                                                    SHA-512:923BAD07709709FB246DA0428AA22A96E0280DFD4984290778B845D199A1F3379BADFFF2935C2B9C311C21D92E988A129A14A1DF2C4136C3D0F440ADA1BC185A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):47294
                                                                                                                                                                    Entropy (8bit):7.497888607667405
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                                                                                                                                    MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                                                                                                                                    SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                                                                                                                                    SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                                                                                                                                    SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.485483028944822
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Qsdk3ovnwmVHYtNcEwLkFLNXRFu9AtOorBrdQqrL4mMBXcGkFP1J:Qs3wC4MEw0XRFu9AtO2BRQyfMU
                                                                                                                                                                    MD5:462EEAEA5665884FEE6E6824F95B33A8
                                                                                                                                                                    SHA1:49A1CBC721AEE23AB7EF2762BDD9ED89EE8FD886
                                                                                                                                                                    SHA-256:DB5C8191C74E8768B0E569202AAB667422F116CBD14259356611CF02974798CA
                                                                                                                                                                    SHA-512:3B690CB557CF752EC79A0BFF6184306E912C1107B4E137FFBE3E033EA9A00092F56887045EC08808DBCA623B7C2BA7F339154ACC21B6483183C991C58756485C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):347
                                                                                                                                                                    Entropy (8bit):6.85024426015615
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                                                                                                                                    MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                                                                                                                                    SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                                                                                                                                    SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                                                                                                                                    SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.231197751935102
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:os1uiDUwfEVXU9Kip0RQy8lJCY8FCpRL:os1uiYwMVXU9KK0RJw
                                                                                                                                                                    MD5:F45D285BDDBE61F35F9D95E1D05E5B3D
                                                                                                                                                                    SHA1:A95D7859BF60EE94ECAEFA1D4954B6B2A015FB9B
                                                                                                                                                                    SHA-256:247BB5CD8C577253A1E18565BC11DB83AF5032FA1473709085124557C5DDCE81
                                                                                                                                                                    SHA-512:D4DB92928B4A9C85CC560C3E8FFC1DA701AAF7D4B9CB7C38E0ECAB6D9ACAEC07B6AB050B4E7B44C4697EAD8750D3C6352FDBDF121A5893D3903FE607F429D561
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):827
                                                                                                                                                                    Entropy (8bit):7.23139555596658
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                                                                                                                                    MD5:3E675D61F588462FB452342B14BCF9C0
                                                                                                                                                                    SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                                                                                                                                    SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                                                                                                                                    SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.320469541241834
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:2s7NDZGj0vgn/EXn4KXngK9GgwRQysIClDWpeEfU:2s7NDZc0YsXnXXnP9GgwRJbClDWpeEf
                                                                                                                                                                    MD5:FE5A1F8B2DD536B65626AC3C002E5A67
                                                                                                                                                                    SHA1:FE3A80EBEC35E1DAF0DE03C4C810D18F97AEDBC1
                                                                                                                                                                    SHA-256:AED3593A3635924E0E299CFDA790D33631549292AD9267E5DD11683700766C13
                                                                                                                                                                    SHA-512:14651F909B94D54C8CB1349155F2B2618BC143DF5135761ADA561941E5C22A009C9755977E9A6E9AAE0596692987135609B7BFD3E4CDB307B44DD63DCBA501D4
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4410
                                                                                                                                                                    Entropy (8bit):7.857636973514526
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                                                                                                                                    MD5:2494381A1ACDC83843B912CFCDE5643B
                                                                                                                                                                    SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                                                                                                                                    SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                                                                                                                                    SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.330306804914361
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Yu2sDQ6Nz6+nyGtVyhgEZUncf0LSXHh9+23otrdQqrEeKNTBXwRf3JBFp:YhszQ+nyGf1EZnf0GXB9+KkRQyEB2L
                                                                                                                                                                    MD5:C7B71E3B7B9886475B9BFE769F881F09
                                                                                                                                                                    SHA1:560CB809A14A715391C9724E1D138B07677AA69F
                                                                                                                                                                    SHA-256:70F9C35AD0E641D52C7DD0B5862A16C6A6A2EFA86F4AB7B0019396C08E31F987
                                                                                                                                                                    SHA-512:8EC1F328A3B972CCE3F990CD6199AC894ED3F8F0C00A2137E872E64FC836F0EF284F856E53D5D16A8C671439A1C55152412AB472B016637518DB3E1B3B427909
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):136726
                                                                                                                                                                    Entropy (8bit):7.973487854173386
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                                                                                                                                    MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                                                                                                                                    SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                                                                                                                                    SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                                                                                                                                    SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.333119899023718
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:qBsWo9R7Og5H6kttwEKHL35XD9muolrdQqrCEBX4t67+OqtKkhJ:qs+g5akIEKHlXD9muERQyPiJ
                                                                                                                                                                    MD5:3A412A9F0D2D74EF54041EAFC34DEAD5
                                                                                                                                                                    SHA1:A206493D10E496A834612116EF4D3C34E134AA74
                                                                                                                                                                    SHA-256:DD00A081DFB22E860FCCD84C30C6ACBF64FFB997C44D0B3BA081E0CC8C9C7B25
                                                                                                                                                                    SHA-512:3B9C03E334263F87310137DFD426D860F35F455505AB09842BA965D4B38392A8173081C1C5F06AFDC3B75AF842B2571E4251F0C9BFE8719F1DD04D790D1A30A6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):5136
                                                                                                                                                                    Entropy (8bit):7.622045262603241
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                                                                                                                                    MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                                                                                                                                    SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                                                                                                                                    SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                                                                                                                                    SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.341693806511469
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:zWQDsGsSXVXPm9UaatFIY/EBuKX+gK9a+W0olrdQqrecBX4A2UV+TOWgOlh:NDsMPmiaa/VE/X+P9a+BkRQyLNm
                                                                                                                                                                    MD5:39811E106EA814C9D4B6CE5FCE2A309E
                                                                                                                                                                    SHA1:8C80B0EF3454FEE23F6599472EB3B502D3BDA064
                                                                                                                                                                    SHA-256:2BEF7D93C19AF9CF1536132D82666C0BA4B7A0FDC32E01B32E2F3F0E32C61B2E
                                                                                                                                                                    SHA-512:057704D82681C59540A23B850B4CE2E3C0A026F2F2671F593B558D26E1AE90872EBF325B2B82632D8A5E4DE3B596E6D5AC2289ACD3AE32D9A924F159CD65739D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):52945
                                                                                                                                                                    Entropy (8bit):7.6490972666456765
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                    MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                    SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                    SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                    SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.435449486954982
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:A9CsUQTXE0UusEbJXbA09SLZRyFU+pKlvGC++sdBK8qz:JsDE0FJbJXM09SLZRyFUv
                                                                                                                                                                    MD5:4685BAE2FD3B9999E2E508E7C4B69204
                                                                                                                                                                    SHA1:7FE72476EF97E68BFB7FBE58382DC95C93DA5566
                                                                                                                                                                    SHA-256:114E619E5060DA1A6370543E07EFA0B905686FCB9631E5A6F89A7147D03C25FC
                                                                                                                                                                    SHA-512:E21C94C630A190158A0E89957C2D05D3EE399DA84D34CC93574C957B5567B898C94E208531FB259213FE9365B2FDB56978F53417F875F3C8269EB2056C4BDBD0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):79656
                                                                                                                                                                    Entropy (8bit):7.966459570826366
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                                                                                                                                    MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                                                                                                                                    SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                                                                                                                                    SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                                                                                                                                    SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.432671833185752
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:S+QsXYVCX+MUEcWXMLDR97JERy21xOYaj:wsXYVCXXcWXMLDR97JERyKxOYa
                                                                                                                                                                    MD5:7E1CFB22BEFBC6BB9B56570133B7F78A
                                                                                                                                                                    SHA1:51363952B36A87758CD15D520B0C3F4F21035C60
                                                                                                                                                                    SHA-256:D229058F80DC75DFA11A3650B4F37B1DB7366AE9575CBBDF07D27A22BBF0B28E
                                                                                                                                                                    SHA-512:E486E46CE6A05AB948EEBFF2B960672CFE40427D3818EB91DA32A5223DD6FF5EF555E8256D99E94A40DE57BB3CF02C9CE36EE3B510377389CCCE2FDBC45BC168
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):40884
                                                                                                                                                                    Entropy (8bit):7.545929039957292
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                    MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                    SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                    SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                    SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.3284799323108345
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:YuSFs194N/u5QJ7+hSOt5OrTEf/+jXrZdOL9jcodrdqrHQRXmCpLbEGKKLB24L:YxsW/H+hSOjOnEX+jX/OL9jccRyw8Q
                                                                                                                                                                    MD5:7916303F09087CFEE9C88B8683F1D925
                                                                                                                                                                    SHA1:B00B40489EAE6B15199F6FE2D0ED5EBBCE4E0CCA
                                                                                                                                                                    SHA-256:5C063C84538486130BE6D531326715BB761FC0889C6BF2303D60F0B656F761F5
                                                                                                                                                                    SHA-512:A262653F9638BFE8EA74D51DBDCDE448A7F27CF74342CF0B3C9C889D9AEF412CE86F2AF07BA3112FD1DD00B6D770D58547F08197B4EF0FBE025C760AE97B89C3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):68633
                                                                                                                                                                    Entropy (8bit):7.709776384921022
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                    MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                    SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                    SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                    SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.42824347474296
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:5mBsn/YwrVZgEg3CmXpXA9jzScRySv3eXUY:5WsgwrVTg3CmXpXA9jzScRyi3
                                                                                                                                                                    MD5:F690B27F754546C9D7B70AF12807636D
                                                                                                                                                                    SHA1:E0482CFC88081249F422D66DD4FDD4838F137A79
                                                                                                                                                                    SHA-256:4392AEBAD33096CA3618AB31E9BBA1FE01B20018CBEB455ABC978203C0B7E85F
                                                                                                                                                                    SHA-512:089755672F6FA26EB54269DC3BE1782DBAE2420DF3CB70D2B5BA00A31088F75D414E94B73FF90EC604D9B56BAB1A0C790A61B5B1D5B7842E8DB43E6401F11E34
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):11043
                                                                                                                                                                    Entropy (8bit):7.96811228801767
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                                                                                                                                    MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                                                                                                                                    SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                                                                                                                                    SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                                                                                                                                    SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.339647753739301
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:IsXupAZX/Put3+b/XEQLWX239D0o1rdqrfgcUxRXPaOSL9vBzYOSglVyA:IshV/PuG/EQyXI9D0URy5UxH03l
                                                                                                                                                                    MD5:50E827D56D2B1C5505DF1AB1210DDAF8
                                                                                                                                                                    SHA1:75C27DD4C81F4E6ABDF2DFCCA6814CF36C4FDA56
                                                                                                                                                                    SHA-256:2298B3BEC047E6A74A0D1C22752387043489CEDDECD0C078DE3AE5A308011824
                                                                                                                                                                    SHA-512:974640E7649539C924C1310B0941BCC9CC694B8428183459B3EEB54918C7CAC71EF6FBE303321022A2964FF9B4311E965B9CF5C3D5DE2C527C72DD5B3BAA964A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):647
                                                                                                                                                                    Entropy (8bit):6.854433034679255
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                                                                                                                                    MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                                                                                                                                    SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                                                                                                                                    SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                                                                                                                                    SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.262150743442131
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:us/wSfiT371EjFzXqI9j8DNSRyKbiQSLfDNq8:usoTuxzXV9j4NSRyKbi
                                                                                                                                                                    MD5:ABBD728073B16E36B4C42770E943A634
                                                                                                                                                                    SHA1:05E568017A5061569679E2424F2CA082C07E2F91
                                                                                                                                                                    SHA-256:D49D8069F0DF0D9CFC7B77A9C3816C0ECE8443D4ECF9D91A1ABC4BBE7203D0A0
                                                                                                                                                                    SHA-512:AA0C469C0383C9DD715083FEBEA28AB94B2488A0E48B108FE427AB9E411C0DACB99D5C1627C8C045B5DB0858158E296A4A08F0CA17CC6E78E76551161E469061
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):52912
                                                                                                                                                                    Entropy (8bit):7.679147474806877
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                                                                                                                                    MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                                                                                                                                    SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                                                                                                                                    SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                                                                                                                                    SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.337395862369932
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:GsDo+rPwVgEkyXf9HjgcRyu0ocKovo34oYocKooJo2o:Gs8+rYkyXf9DgcRyu3cBQ3zTcBZl
                                                                                                                                                                    MD5:24D193033189156A4E35A2262AFD3BD7
                                                                                                                                                                    SHA1:504248B9C90888084B80337E0B6442EB38DA64E1
                                                                                                                                                                    SHA-256:CA11278B24487D1D92D84852F1D053A22FA5B7AE10C13185DFD4439E36398911
                                                                                                                                                                    SHA-512:B48AF84999B48E9103E5BDD6AEEB4372165FCCCD6986F9A851F705DD734DCE2AA4FC27C31060593F7CB39B0C32CEE2FD3A158AB6FE67FC4A6190C461DEF4F654
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):27862
                                                                                                                                                                    Entropy (8bit):7.238903610770013
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                    MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                    SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                    SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                    SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.508593859740421
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:pYsXYRS8Xq2a9TwMt3jAehE5zpuXVp9/90oSsrdqr/BRXkCCNn8sWOfbuUxl:usGq2a9tJjbE5VuXj9/90XsRyp5e
                                                                                                                                                                    MD5:79AF23725176D74CF795F1E4F0F5E602
                                                                                                                                                                    SHA1:228A80599F584530CFFC1F27A7A1D51F05DBD4FA
                                                                                                                                                                    SHA-256:6E7541DA6662551C02A96EACC23F431A670291B0773FA0B5702B002B7B4BDBA3
                                                                                                                                                                    SHA-512:3A6FBE051FFD30B0EB964D00218AF73769FC92064C5C84A6F152E5FBB4C4F5E4D0C2736C826719824164AA018E76A1C7A69512CE4C824D6C06B858D2CEDF15D8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):977
                                                                                                                                                                    Entropy (8bit):7.231269197132181
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                                                                                                                                    MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                                                                                                                                    SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                                                                                                                                    SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                                                                                                                                    SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.344082757377689
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:csdLGkAXaJRXE3ToXA9LC0ERyZwvkjFH/t6:cs8af0joXA9LC0ERyZwM
                                                                                                                                                                    MD5:705774C75D03850D4CB7AE8699FC84F5
                                                                                                                                                                    SHA1:E2C02664F2F2EDB2C1F0BA0A5496EBEAE1185B53
                                                                                                                                                                    SHA-256:5FC39D30B26A8E98619E604BA7615090CBB405B5F255CC6507BE161CB4892BF0
                                                                                                                                                                    SHA-512:2D5447676AD235317C759F8EFD052083DED3FE937C403ECF21B3BBE85982134E66D53DA40BA18C7F3DF8AD4C482189EF5CF4862AE47621134000DC546186854A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):34299
                                                                                                                                                                    Entropy (8bit):7.247541176493898
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                                                                                                                                    MD5:E9C52A7381075E4EBC59296F96C79399
                                                                                                                                                                    SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                                                                                                                                    SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                                                                                                                                    SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.342684302183552
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:fc1s+PDlqtHVZEHSFLCXsI9HcxoHBrdqrSQRXF4GiVAoa/82:+sKlqREyF+XT9HiQRyPYB3q8
                                                                                                                                                                    MD5:44E1D9C11B989AEF1E6864E9B9577652
                                                                                                                                                                    SHA1:FB7BA073376C1C436DC733099CC01A4C9922C1BC
                                                                                                                                                                    SHA-256:99A3F57B066B049DD871F1555F6D87E64EF1812A8ACDEDB72551127E0EFAE935
                                                                                                                                                                    SHA-512:E322E53B0E5D9633DFF935CC39B4936B9B280D73CF4AFC48CD9395863E359794C980E15B5B5E896D7DFB6E60E2010823B9E56899E5E7B0A154FC6F23D4E2325F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):10056
                                                                                                                                                                    Entropy (8bit):7.956064700093514
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                                                                                                                                    MD5:E1B57A8851177DD25DC05B50B904656A
                                                                                                                                                                    SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                                                                                                                                    SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                                                                                                                                    SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.360275503632467
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:SshcCcaclOYK3EfWXXF19/1kRyQ99AcaciKcVcVwacx:SsuOBUfWXXr9/1kRy2z
                                                                                                                                                                    MD5:2B2723872E7441E310F8007DA70A4EE1
                                                                                                                                                                    SHA1:EFB7C22B6A92FCA90C9B2CFEC01A10C656630872
                                                                                                                                                                    SHA-256:3999E1A796CA4A2D80660DAA7967D023D219A6D83A0241B048FBF6F097B7B3D9
                                                                                                                                                                    SHA-512:5696C9E782E3DCFFFDC6E909A0E911B434E3E4E1D250A7E77B8BB45ACF4C80EF543431025C4AA6D4A1B55DA59C1CC1A3464BF88AAC52336CF46C3233A10ADF40
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):84097
                                                                                                                                                                    Entropy (8bit):7.78862495530604
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                                                                                                                                    MD5:37EED97290E8ECB46A576C84F0810568
                                                                                                                                                                    SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                                                                                                                                    SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                                                                                                                                    SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.345295396738291
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:kUzsKw6XSHhrgWxtvlPcEMxyjXygzj9jJoESrdqrBv7RXkmBS88hrODr3ZS+zMe/:kUzsSWxPcEZjXy8j9jJMRyV77
                                                                                                                                                                    MD5:D06C251CE35AEA9358CD9CF4C6CFD2E9
                                                                                                                                                                    SHA1:B8C96F210ED8B40DAD2DC00D3D4EE0DF6FA07D54
                                                                                                                                                                    SHA-256:85738BE61C468E8FECF4DD0AA0E7AC28BD98ED1F4864F64E46741B6B23210E56
                                                                                                                                                                    SHA-512:E409578E4A54B637F84380AB21DB90535B76B5B0BCEB01D35C70E607EF6337362E9328A51F35948B46F21FEF280FC3181803B561648F2CD42D0D377205C646C2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):64118
                                                                                                                                                                    Entropy (8bit):7.742974333356952
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                                                                                                                                    MD5:864EEA0336F8628AE4A1ED46D4406807
                                                                                                                                                                    SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                                                                                                                                    SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                                                                                                                                    SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.332244479498462
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:ecD0sScDglCJOZFtmsImeEpFOXlOA9jToblrdqrvC9ciRXu9pBmMVMupjk89:ecD0sSVCJsF7IdE2XIA9jTwRyv1iW7
                                                                                                                                                                    MD5:8FCF9E228A5B49A15B681741CAF77B89
                                                                                                                                                                    SHA1:41BFC505BB5A643528B8F37A9754EB6205C5070C
                                                                                                                                                                    SHA-256:F323D129372FE27CC2B51A924E84ECE5E5998C55F481DE41BB658F0BE34DF081
                                                                                                                                                                    SHA-512:A44645EF01D893B0258B4A430A0BA2D72CF95087C011E94449FDFAD65AE9D3E22A97F488929987D5B6A59E6F30D01770804BA62C97D05BD0FBE1549F04C11504
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):65998
                                                                                                                                                                    Entropy (8bit):7.671031449942883
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                                                                                                                                    MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                                                                                                                                    SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                                                                                                                                    SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                                                                                                                                    SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):3.2617129017330293
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:2sYVTytUHt65UlZ/r2+F+tUEF2oeGq3XzCW9rS0qNV7oYmrdnkrgWvqjdMURXGIk:2sSHNll0s+WEcsq3X2W9rzqPAR0Tqnw
                                                                                                                                                                    MD5:1E27C8BC7EC16DB725067ADAD91913F7
                                                                                                                                                                    SHA1:63208C321B23A6968AD3EB17B719CFE3FD8ECE9E
                                                                                                                                                                    SHA-256:34D136331527101B8FCCBFF527EE5350850AFD105A1A70D9021D83E4F535569D
                                                                                                                                                                    SHA-512:0BD64BA1109E964FAC9E7E4E455FB64D4D105507FE9A74239484A377B029D20BD6D435AE71204D5344ACC44E9DE77A149B3FEFC125A720D2B0709FBCCEDEA787
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):32656
                                                                                                                                                                    Entropy (8bit):3.9517299510231485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                    MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                    SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                    SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                    SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12824
                                                                                                                                                                    Entropy (8bit):7.974776104184905
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                    MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                    SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                    SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                    SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):32656
                                                                                                                                                                    Entropy (8bit):3.9517299510231485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                    MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                    SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                    SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                    SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12824
                                                                                                                                                                    Entropy (8bit):7.974776104184905
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                    MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                    SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                    SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                    SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):32656
                                                                                                                                                                    Entropy (8bit):3.9517299510231485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                    MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                    SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                    SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                    SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12824
                                                                                                                                                                    Entropy (8bit):7.974776104184905
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                    MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                    SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                    SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                    SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.318022734866037
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:YRsJ8QuBTFxcpEyajXJ9TzDRboo34HWuTW1/AYl34HeKh:CsJfu5F6Wy6XJ9TzDRbZo2uTc/AY+
                                                                                                                                                                    MD5:4BCEAE84351909D2E197A016FA1883F8
                                                                                                                                                                    SHA1:A418E422E0B78B0B8856265D7BA583A0F24EA177
                                                                                                                                                                    SHA-256:34A87CDB8F69C1DBE34A60C84C33BE5972D094BDD5FBF2514894E935AD43DE08
                                                                                                                                                                    SHA-512:7ABEACFB18DF287CADAEC87364F6C6B28DBF9451FF257A1B418AB757F48FDF19D50FFE6E2F215027FA4D001641A251A7F992BB98D904AC2A4BBA21113C0692BE
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):39010
                                                                                                                                                                    Entropy (8bit):7.362726513389497
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                    MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                    SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                    SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                    SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.426014223754907
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:9sFu/BsjwGEByVXE90EDwRbaZuTSqFOSoOSqcqX:9sFu/BscjBMXE90AwRbaZueqFxoxqLX
                                                                                                                                                                    MD5:13E3A7611579AF8680686F217FFAA6EB
                                                                                                                                                                    SHA1:AAF8991212F6C08179FA9CE145F5312FA209EECB
                                                                                                                                                                    SHA-256:1B77C1519140B514DEEECDE0855CFB81055429B86515526FA740590695A48320
                                                                                                                                                                    SHA-512:369E5011F80EAAEFD2EF01F0B0573E4200AA4434A9CE948BF8A41C4C1ACEDB6D0D25D010E5934F496E981752DF897DB219DE8E754EC9898B0C997A5E80CD9CCA
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):25622
                                                                                                                                                                    Entropy (8bit):7.058784902089801
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                    MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                    SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                    SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                    SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.293410999125245
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Yu5141JsgNoRU3xF+tG7dEHGKkXkd99UJdb/j4Nrd3rU4xWIdX8SZLMilJ:Y0WLs/OhF+g5EmfX+99CdbQRbKIag
                                                                                                                                                                    MD5:3BCBF376E1112DA7C77D31044D014EE0
                                                                                                                                                                    SHA1:08FE15C151A6986FE2CCF627821057A545171690
                                                                                                                                                                    SHA-256:2FDD94F3A43CACC7E109C6A2CEF3C6425A6340986B0FB5951A38A9A1AF4ED116
                                                                                                                                                                    SHA-512:41B778441B0FDCC4696D8B16B4439620CF23DD24A37458207CFA37A58627202B70604F3A08D22C60BB2214C484329FCB40D02CCA2C70EFC944F8244FB51602FD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2033
                                                                                                                                                                    Entropy (8bit):6.8741208714657
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                                                                                                                                    MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                                                                                                                                    SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                                                                                                                                    SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                                                                                                                                    SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.3615899570851715
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):55804
                                                                                                                                                                    Entropy (8bit):7.433623355028275
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.486362193023978
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):59832
                                                                                                                                                                    Entropy (8bit):7.308211468398169
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.340843270082495
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):33032
                                                                                                                                                                    Entropy (8bit):2.941351060644542
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12180
                                                                                                                                                                    Entropy (8bit):5.318266117301791
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.34124259494776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2104
                                                                                                                                                                    Entropy (8bit):7.252780160030615
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.35369482763946
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:as3Uo3bZfE22X19JCURMhCDbH1ibtSoK:asZ39M7X19JCURMhC
                                                                                                                                                                    MD5:D9CE81ABF57A74D4F73D7999B57D3588
                                                                                                                                                                    SHA1:468325A3F1F2EC07BB0F09E01A9BC10419F825C9
                                                                                                                                                                    SHA-256:0C1C6D9E518E31815B17A6E367DF7F34461AD5989712849CF5E57728EF78DE59
                                                                                                                                                                    SHA-512:B5E8F8BCBF466B3DABCC93A091571C98F3F9F27880F4D6F88AE8BE54AFF10B20E6C2AFB061947A55889D1EC453E31E40745D7247A6B004FDF4C18304B8E1B53B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):14177
                                                                                                                                                                    Entropy (8bit):5.705782002886174
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                    MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                    SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                    SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                    SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.358903234583222
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:Is5s+KievVyEQWXE9J6IRMkDsWvRK+93F+:Is6jvRQWXE9J6IRMk4Wv
                                                                                                                                                                    MD5:3D5E8CD61096746B4DDE73A332EA2CFF
                                                                                                                                                                    SHA1:596DB23222BEC676F47F4784F3A5B006394DFB40
                                                                                                                                                                    SHA-256:7D0D967B68A831505DC39FD1763BF994ABF28C7CAC83BE26C524869EC4F138FF
                                                                                                                                                                    SHA-512:B9DEF6F67D598BB71B6CE7872706176682EFEBCC670B76AFEAC41EEF488CD572BFA8B1C0246E6675DAA21140F000D0D6161BD7C851A5617B46BA7CA21D2D49DD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):36740
                                                                                                                                                                    Entropy (8bit):7.48266872907324
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                                                                                                                                    MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                                                                                                                                    SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                                                                                                                                    SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                                                                                                                                    SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.4543774617925695
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:5sYsDW6rlMtpXELLJNXLX92Ssfpy5rdMrrDgFXhxlkyE3wg:5sg6ruvEL3XLX92SOsRMrcDgw
                                                                                                                                                                    MD5:67510DDE92FA685E1C8B3FCFFE9716A4
                                                                                                                                                                    SHA1:F30CAD140A78AE4EE38C8F22FBDEBA26E35E3A56
                                                                                                                                                                    SHA-256:0897F7035F1BB337D7A25C717AE4F283BDED5B0FD2001C7FCBD3B9C6D11C246F
                                                                                                                                                                    SHA-512:63356677260DDD6E8326FE74D68B2AFEBE4B3DBDB986B18FD71F50B463B01581B35DD24943D339C1D5FFF75E5767B3E2CC96C1242D275AD19B6E257239F5B604
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):53259
                                                                                                                                                                    Entropy (8bit):7.651662052139301
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                    MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                    SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                    SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                    SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.304110985643156
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:/lJ6s/FtiBMxfGI6ntUo/4EXDJyyXRv8e9tsOpyuSrdMr5nZFX40KDBe0HCGzcSt:/lJ6sXfr6n4EXLXhj9t3oRM9ZtuoS
                                                                                                                                                                    MD5:D2DAAB4D79B9B9598A2302224297316D
                                                                                                                                                                    SHA1:E6AD12AF181AB209F1121F19C90AC51452339A73
                                                                                                                                                                    SHA-256:9C574122A197B2B224058B360B24CE8D1E5B3C2EBCFDA57FBD58566ECD1B0665
                                                                                                                                                                    SHA-512:AC9657DE06DB759ADFEF2F32D9A2B4848A5AC8199FC5A009AF715D572CC5C58D2DDF223DE44FF849B85F67E691D527AE535A61D02DFBE927C75511867F9390A8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):60924
                                                                                                                                                                    Entropy (8bit):7.758472758205366
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                                                                                                                                    MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                                                                                                                                    SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                                                                                                                                    SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                                                                                                                                    SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.367916489812563
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:OJs7tQ04zhY5ENtFw0gsxEJtbXAXeNGwB9tsKpyHlrdMrPwOlFXEU9yIrBV:Is2zW5ENEyEoXIB9tjmlRM4OlJ
                                                                                                                                                                    MD5:159FC211547D2EF0CF5FD2D65EC4B564
                                                                                                                                                                    SHA1:977193324CB47680E3FDC972F0031C7DD850355C
                                                                                                                                                                    SHA-256:DC4CC18B226F81D50B11A39895D6BAE52233E6080EC1FACAB90BBD06E11DDB30
                                                                                                                                                                    SHA-512:8471B3FCADF2A6A4687781E54E30A3122914101520D6977A9B0A314761E519FADB2F69BFA7F293DFFD3C3FF08BB62F0DD644DCA3CF245CBC42D26BC69E1ED261
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):515
                                                                                                                                                                    Entropy (8bit):6.740133870626016
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                                                                                                                                    MD5:E96BE30D892A5412CF262FEE652921CA
                                                                                                                                                                    SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                                                                                                                                    SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                                                                                                                                    SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.3632614768606715
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:OW2sMuRcv7ZUStxxEEPA82PtXht399dsKpy9rdMrppr/VxFXsIUjwkg:OW2sxyZUSr2EPylXH99dTARMbjDyck
                                                                                                                                                                    MD5:96961442033E4409CE034100BD1D3F2B
                                                                                                                                                                    SHA1:4B4A00BBF272B583213872EC93680BB3F37601A1
                                                                                                                                                                    SHA-256:8F74E8B489770E5FEE1756653A1EA3C2681BBA60A402819947B20B75660C5A2B
                                                                                                                                                                    SHA-512:1F46472AAB72DBF85C461F6F9F32357F2C1FC6B1D7EFF010E230052FDE85472337D3723BC92CCFDA9E8228FE42D629D283AFC14830FD88D380696051D1FDB620
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1547
                                                                                                                                                                    Entropy (8bit):6.4194805172468286
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                                                                                                                                    MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                                                                                                                                    SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                                                                                                                                    SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                                                                                                                                    SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.332450249710907
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:TaNsJQTriotWcFLE05WjOXw2R9hUNpyZrdMrPYLFXLlItMlL:TaNsIrioN5EGXw2R9iNERMQLOM
                                                                                                                                                                    MD5:113E76E04C1CF9689CEE7343BCD34FBD
                                                                                                                                                                    SHA1:AACB2B3699F2A5EF83DFBE2D9C3B6A5FD0DD9BDA
                                                                                                                                                                    SHA-256:66D45482F4B946F12D6B7D71A10C3805C9ACD87A0784D3A8108B4CBD26AC67AD
                                                                                                                                                                    SHA-512:79B7F7992BFACC4863703DCC8993D7CA2CA8F27F0A5F4705FF8CB83156F4EEA522DB104D12DB0305CC7A62FF1AA0673DA803C773312E77462F170B195C235E90
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):95763
                                                                                                                                                                    Entropy (8bit):7.931689087616878
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                                                                                                                                    MD5:177DD42CA99CAA2CCBF2974221680334
                                                                                                                                                                    SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                                                                                                                                    SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                                                                                                                                    SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.318318323063125
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:h8sl+t85Y9zIPtOW6EyLgpnXUfHm99UXOpyd/rdMrSDXFX2JqJWZ:aszCZIPWEy0ZXUvm9+eARMsX9W
                                                                                                                                                                    MD5:0F106007D24083CBA47936C6D322DF29
                                                                                                                                                                    SHA1:FCA5786419265D4EC070CD0170CAF23EC7F89D23
                                                                                                                                                                    SHA-256:B072BF5326C9F85CF35B02D404A83EDC5C7800C515FFA35D43AB35E414E82028
                                                                                                                                                                    SHA-512:3B2F5596E36E2F62351FCC5801DC7A0097463AFD9671E930BAB16C6144ED71F9812A9D377AFFCAAF9FDCBDAB754B6014EB4EA9CB26C123BFB228A99913FEC0BB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):67991
                                                                                                                                                                    Entropy (8bit):7.870481231782746
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                                                                                                                                    MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                                                                                                                                    SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                                                                                                                                    SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                                                                                                                                    SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.349483318353951
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:Ysm6udl7fycytNEPEvlLH3XHA9BUP1pydrdMr7k/zFXGFXjw9uGPFx:YsgdJfycyTOEdjXHA9CP1QRM7EEE
                                                                                                                                                                    MD5:010CB144929340377B093F31E4E0F681
                                                                                                                                                                    SHA1:DDE500F308A9AAF2B584C9B5E909170676AB0696
                                                                                                                                                                    SHA-256:76C2DF21C2813F84A2F2629120F33874CD11873671592A05FCE123A58F9628A8
                                                                                                                                                                    SHA-512:219E263E7622B6D59A3E9D85F916662062DB529DAC1F91351DDFBA8D94A725F0C92B3997D7E4A5A12D06889B719709D9A4A52AC6CDD0D096ACB3E0064DE2F97C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):22203
                                                                                                                                                                    Entropy (8bit):6.977175130747846
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                    MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                    SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                    SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                    SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.3100453251466275
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:tsX04pIV/nNKMREDvXmxK9G7URM4E69dtpaWjOwda9+XY9j:tskpV/nNGDvXz9AURMd69dtXa9gYh
                                                                                                                                                                    MD5:D7D8D4E002FAE6315F44E02542D76B72
                                                                                                                                                                    SHA1:03E778607F56F14C2A9F2E191D63F326F4DBB828
                                                                                                                                                                    SHA-256:6926786AD1A0098A9B790CBA3DAD93549FD0A58B49E293C924670C00980EDCD4
                                                                                                                                                                    SHA-512:CA9AC676C583467BD7618B4C9B3AA880C1F37E794CE50E4B2619398B30BBF0FAEBFBDD8F5638C729F0C1EBB00B0EA97DD0D1685214D91F66A076E9EF8D914F5C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):15740
                                                                                                                                                                    Entropy (8bit):6.0674556182683945
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                    MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                    SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                    SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                    SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.327188416723624
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:e1sscoQ+O+7t0EiEAkLEEjDXb/9tUipyrlrdMrEkK55FXKljrBbx1:e1sGQ+O+7aXEjxDXb/9ui6lRMEkG5Ud
                                                                                                                                                                    MD5:471EFBD6D947F90B54F745096B79A603
                                                                                                                                                                    SHA1:E0DB2FC3F5CA1D35D86E2ECAFAC054F5EBBE2481
                                                                                                                                                                    SHA-256:219C35F1B0D3F8C179308889D291D12B432A999DD960FEE6D56B7D7E49C7867D
                                                                                                                                                                    SHA-512:33ABC0621DB8CA5C2DDD81508CA31BD904D7ED6D3EBA7699434D7C680430857F03C8415F635F499FC1ED0767F1D2B97917A2622C32877692ED24BF286907817B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):86187
                                                                                                                                                                    Entropy (8bit):7.951356272886186
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                                                                                                                                    MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                                                                                                                                    SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                                                                                                                                    SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                                                                                                                                    SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.692272147564914
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:J+smD7xcluQWPxEtU2JlX/Vi9mCYRMzcDnQvx2pBakGi0nOh66:4smD7xclulPOK+lX/Vi9BYRMzcDnQvxK
                                                                                                                                                                    MD5:E60B992182C41C9810F7CE5898E68021
                                                                                                                                                                    SHA1:3057EA470657A62B1AEB0A8B5338174067EAFFCF
                                                                                                                                                                    SHA-256:25A279454CD9F606D1AF1180973E07081D8421EB9178B9282AEA61122F2BD5B1
                                                                                                                                                                    SHA-512:FB40144C5033D91D065F51CE8B0D9A3132258BA8B25866AE989FDBD6969B4FE7EEEDD29315CF0230D5EE6BEED6056227FB04A639B88CAF3AF3F35A5F718D3668
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):11197
                                                                                                                                                                    Entropy (8bit):7.975073010774664
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                                                                                                                                    MD5:DDC3CC30794277500EFE4BC6667EC123
                                                                                                                                                                    SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                                                                                                                                    SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                                                                                                                                    SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.319496181267312
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:6s+iSJIDyElTXT9ip8VsBRM+2Qv7TNuG7GZY:6s+iSJIjlTXT9Z8RMvQv7TNuG7QY
                                                                                                                                                                    MD5:FC6ADA7126C06DF56D03A935F023DCA1
                                                                                                                                                                    SHA1:EFC481AABF7D6D84A92E07491416C392AF66EF2A
                                                                                                                                                                    SHA-256:3F26587D0CC89F05747C51719651983A01F7913D28F4B1341672408CB43EF4A2
                                                                                                                                                                    SHA-512:F6A17467FC417A4A5B7A800D75459A1E725103B35D440A5A59C99E48EE801CC2A5F9057AD510BD1478A85178F6BF81A54540D5B5E4ECB1312C950938B7BD5A61
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):19920
                                                                                                                                                                    Entropy (8bit):7.987696084459766
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                                                                                                                                    MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                                                                                                                                    SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                                                                                                                                    SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                                                                                                                                    SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                    Entropy (8bit):2.9181371423212665
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:hsT8vhNqWFwpE1XN0fAXoCq9tt6kRMHcsrh8UEp8m:hsovh4WF11XN04XM9tEkRM8srh8UE6
                                                                                                                                                                    MD5:82066E83A8D4C1A68293710FE3039B77
                                                                                                                                                                    SHA1:1E6E1B715E044691412CC255CA89166345B162BF
                                                                                                                                                                    SHA-256:1DCAF1CE162A0AC6061E4DB8034D6888C690385ED00DA7E8C0DF498332E59E9A
                                                                                                                                                                    SHA-512:6D24922B2E2B4EC59F9067BC3CDFA5C5B3C70B150493C303ED9C887840326940F4F1DB97F0C2FFAD98FC9BCD740534B37F0341EADF5649B97A30D4940C2A46B7
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):179460
                                                                                                                                                                    Entropy (8bit):7.979020171518325
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                                                                                                                                    MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                                                                                                                                    SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                                                                                                                                    SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                                                                                                                                    SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.3348997114498635
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:dNms5VmtFC5gtEuUE4ugLX7GDML9tsLupyVrdMrr1ktEFXEgsAUg:dNms0C5gSEkX99tD4RMxzzU
                                                                                                                                                                    MD5:302888E535058779FEFA26F6AC55B850
                                                                                                                                                                    SHA1:34190674E6C2FD8D6A009BBD84A70C6EC079AC9C
                                                                                                                                                                    SHA-256:8EED9C28EAD82B682819F54EEC984C2A03D7C8C27F4E43FB883B2741660F715B
                                                                                                                                                                    SHA-512:2FBBA20B0BD193ED8C2C336A0F0DCA0804BA6381420B6AB2ABA0E57E9D5BAE7D4210EAA4A98E461EFC1CFA6E3EC8329614CEBE7C793054248119B5FD65189CAD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):109698
                                                                                                                                                                    Entropy (8bit):7.954100577911302
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                                                                                                                                    MD5:8D804A60E86627383BED6280ED62F1CF
                                                                                                                                                                    SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                                                                                                                                    SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                                                                                                                                    SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):4.339056441395682
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:Gs4Q0wGhU6rDoEIXgXu9drIRMxVdR3wdqW1EU52Rshs:Gs4rwGhUYVIX4u9drIRMxV7wd71EU
                                                                                                                                                                    MD5:0677F692C005E397E3C2B2BD81A05EB8
                                                                                                                                                                    SHA1:2632E994F4B477E8D18FA7617716D3F8CE09EB7A
                                                                                                                                                                    SHA-256:06DC0D817ACF2B8378BB90CCAAA782858EEADA6BE913D6DD4B33F2FA02712385
                                                                                                                                                                    SHA-512:9A03164B949FDAD433E3C19FA9DD23024D777A2E45720854EC9445893338DE0E232132521EB42F9D1811702949F1B5877702EABE5C6D415E4D542EBECB7BD48D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):41893
                                                                                                                                                                    Entropy (8bit):7.52654558351485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                    MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                    SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                    SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                    SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):2.5681517629668167
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:ZweTWl5PygdCoDlx1ovpljRlqxBlHoRl0y:bTkr+A
                                                                                                                                                                    MD5:C1E40A9716AC103AE3D9C332C590508E
                                                                                                                                                                    SHA1:3A51C42D2CEFE71C9D5B5160936260A1F28D8238
                                                                                                                                                                    SHA-256:AD43AF3D111BB2C366764A4EC0FD5CD753AFEF91FBA6A0B4E23C44FD1AF3604D
                                                                                                                                                                    SHA-512:69C7B2E1F326E78944075A06F7C49AAED116038B3D31CA9256FA81AD2B5A293A0465EDC09FA00E50586366AB49246A626F74046608432B8BD73167176CB3F715
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                    Entropy (8bit):3.353125008884108
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:6BF5xfsCpIvnWPL3Hy8joBoDbPUErl7GQ/S3aabSaS/tre43:S5VYvK1/Db8EEQ63
                                                                                                                                                                    MD5:1A12BCE84CF8319A7A102FACF06516F1
                                                                                                                                                                    SHA1:128A9C2871C88F3435BDE5E27F1660156D572436
                                                                                                                                                                    SHA-256:31A625CD9D6D8E01D391505DEF14B3EFF1EAE2339E6B9D3D2E6E9109402AC82C
                                                                                                                                                                    SHA-512:50B22D17EFD662E866AEAD6F2193CEE679B53CE941CE894ED5AE3BEC68B9842A88E80414C7B59FC4AF31E8D8AFA512F5D5BB47CD63A9EF3C5513093BD4EC95C9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                    Entropy (8bit):3.900735299316878
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:CksZ8c0ZHwLS/XA0TgtcRzeDScjLqNFG72TB/9O4jtr7:uotFrRze7sh5
                                                                                                                                                                    MD5:F67444ECA5EB5D3DF44E01746161D43B
                                                                                                                                                                    SHA1:29323141715AB1E49A517A131654621F2C9D1829
                                                                                                                                                                    SHA-256:D5789625220DA421074AA1E4FA1F5E2A59C861591DD01B8AA1788FF8B7F9E689
                                                                                                                                                                    SHA-512:E529F884DEB07FDFC029A32E7E4C784E7BD3AB779E278AB0C068E99DEF539E2B1694F49196F6EE34628F1C842CCB1C72DC0BFA52C589019F00552FA6B498255C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):68633
                                                                                                                                                                    Entropy (8bit):7.709776384921022
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                    MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                    SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                    SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                    SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                    Entropy (8bit):4.081458970842574
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:lryLjDOEwhR/VsAxAQJClDFw/T446pQheyLY7TE7SXi6hOoA/RJhnSa4PgfF9YMJ:xyTAyw/Th+E7s2RJeCn6R
                                                                                                                                                                    MD5:5850FC70FFDFCBF74B4A9DB82DCBB829
                                                                                                                                                                    SHA1:8AD4121D70D8E2C3ABDC1C3DD5C7D1725C1E4981
                                                                                                                                                                    SHA-256:D8B4B76DB2D6E8AC954A001458C73A40F0663E71F6487DC01907D2ADCD501909
                                                                                                                                                                    SHA-512:630C86BEB66BD11035D61F55508D8CC1493D1D207F7D4BDAE5137A1F755FA66A103F50D0B38FFF7E36CA12D6B16AF5C3ED453AA97CC0F3B58B27F4C61C592711
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):59832
                                                                                                                                                                    Entropy (8bit):7.308211468398169
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                    MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                    SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                    SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                    SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                    Entropy (8bit):3.243864595389437
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:XYtxVXewD35GHhQrW0YrnDrRJ2z/NUPtkxK:XYtxVXeQJGHhQrWdvrRIz/iPtk
                                                                                                                                                                    MD5:89AC093495AD8657EB27359B1191C632
                                                                                                                                                                    SHA1:FA2FF59AF5521AE56A010B5F45629EC71969C79B
                                                                                                                                                                    SHA-256:FCCE9C2D9C109C645A207AA993FA1D1D5FC45D814FFB5221CB39DAADFB0A71E7
                                                                                                                                                                    SHA-512:6B115E2E36F7273231EEADFB40AC7FD39FAEC656CE9F2D29D11C088F35CA479CD49D2031E1A3F064BF6EE9B49B01468FC21D4455460B58CCFD9EA2E41567472D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:modified
                                                                                                                                                                    Size (bytes):53259
                                                                                                                                                                    Entropy (8bit):7.651662052139301
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                    MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                    SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                    SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                    SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2278
                                                                                                                                                                    Entropy (8bit):3.8389377382267442
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:uiTrlKxsxxLqixl9Il8ush24QOUYNQXTh9naTzd1rc:vmmYqh2dtYNQXV9aTU
                                                                                                                                                                    MD5:CCD2048D4AFDE620CC8C3EAA5778562F
                                                                                                                                                                    SHA1:93479209E67C7C1FCFD71A37DA9B26B895BE6231
                                                                                                                                                                    SHA-256:C0626235F57022104695759D2BC0C88EF15EE8781C8A25F72C88DDFCDECA53A4
                                                                                                                                                                    SHA-512:1B90803D8E01591DCA8F54026B6D385B133E17D26AC411ED130228D6652BD03D2764B3F1B73CCFFF83F38B92CC83F65273CA07892FC3BC422850457D334E8675
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.E.L.5.W.r.a.f.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.V.p./.D.i.z.
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4542
                                                                                                                                                                    Entropy (8bit):3.9935567740562976
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:7YqsU0ZO43ooaDTb70EHqCEtA675Vg8GO9IxKy:7vsf53fgb70UqCEtV5Gx3
                                                                                                                                                                    MD5:F39B88884267B977D7B2215B5EDB225C
                                                                                                                                                                    SHA1:7A2CD7D7AE21B86D0493C76471294F5D04EF795C
                                                                                                                                                                    SHA-256:3496E9A6579721B5C847C35AD01970F04CC956149B8FF813AC4045D92EA4C232
                                                                                                                                                                    SHA-512:50A2B8BD3FAD6246C7D5AF1501AF15C4BE43235EC5EDB7DB9FF3AFA54FEA5676CEBD9A3A5916483E2729FDA7754F7E5FDC8DE5BA38643332CC79A12C8724EEE9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".P.7.z.A.Q.K.6.f.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.V.p./.D.i.z.
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:ASCII text, with very long lines (1297), with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):20971520
                                                                                                                                                                    Entropy (8bit):0.015978481795072233
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:GETbZy50DYQ49/AtBA4A4L4X4j424Z496bog4eKb4Of64I+I4hOT4HIr4Df:GETbZYEd49/AtBNN0I8j6+c+u1tl
                                                                                                                                                                    MD5:5D3C16EE557F6BBB83BA202B724E378B
                                                                                                                                                                    SHA1:76035724850E751096F4FFB69A3D389C3A9F64BA
                                                                                                                                                                    SHA-256:3614C52110D3D1326E8AC3657275DDCD0C319F634CBE5A4339A1E6F8B293FD40
                                                                                                                                                                    SHA-512:D16EAF6A0CA1FAF75E8C58F483977DA36AB647C5E01F7C1A4173EE2950C2B26857CB2250C8C46914A173605EE85A24E602434B9A44543BA09A388C3135EA7C8D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..05/06/2024 12:07:26.879.ONENOTE (0x8A4).0xC6C.Microsoft OneNote.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":21,"Time":"2024-05-06T12:07:26.879Z","Contract":"Office.System.Activity","Activity.CV":"jTTq4Zm89ECuvgtQAx/YMQ.6.1","Activity.Duration":194,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Activity.Result.Code":-2147024890,"Activity.Result.Type":"HRESULT","Activity.Result.Tag":528307459}...05/06/2024 12:07:26.879.ONENOTE (0x8A4).0xC6C.Microsoft OneNote.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.ProcessIdleQueueJob","Flags":33777014401990913,"InternalSequenceNumber":22,"Time":"2024-05-06T12:07:26.879Z","Contract":"Office.System.Activity","Activity.CV":"jTTq4Zm89ECuvgtQAx/YMQ.6","Activity.Duration":4075,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Data.Failur
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):20971520
                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                    MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                                                    SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                                                    SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                                                    SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                    Entropy (8bit):0.4294234432380865
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:grmMCApMo7ej9GU6EepOlF3S2BAOCcNafqrNsylVlsolDPZ1XKDWGou:grnpMiej4KbmckO8/SGo
                                                                                                                                                                    MD5:74318DB3581BA3CC4A5C276E8379B5C7
                                                                                                                                                                    SHA1:268E0D33A1F01C42BA190647575310533B434EEC
                                                                                                                                                                    SHA-256:940BA3CF12F23453AA05F3FB124F65AC9B510ECD4B060E2FD734DE75A2A6CD7A
                                                                                                                                                                    SHA-512:C795B674C67ACFAF1260B2A065F3963DFA147523B8D1E7706394F2A4F947E26828D539723538F38D4BAD8BA9FDA1B14E58E81A51226B0944362A141ACB7F4E51
                                                                                                                                                                    Malicious:false
Preview:[binary EMF data; readable UTF-16 strings: "Print test", "Consolas", "LockBit Black Ra" (preview truncated)]
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):52945
                                                                                                                                                                    Entropy (8bit):7.6490972666456765
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                    MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                    SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                    SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                    SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):39010
                                                                                                                                                                    Entropy (8bit):7.362726513389497
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                    MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                    SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                    SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                    SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2898
                                                                                                                                                                    Entropy (8bit):7.551512280854713
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                                                                                                                                    MD5:7C7D9922101488124D2E4666709198AC
                                                                                                                                                                    SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                                                                                                                                    SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                                                                                                                                    SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):65589
                                                                                                                                                                    Entropy (8bit):7.960181939300061
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                                                                                                                                    MD5:8B48DA9F89264D14B83FF9969F869577
                                                                                                                                                                    SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                                                                                                                                    SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                                                                                                                                    SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):86187
                                                                                                                                                                    Entropy (8bit):7.951356272886186
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                                                                                                                                    MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                                                                                                                                    SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                                                                                                                                    SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                                                                                                                                    SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):65998
                                                                                                                                                                    Entropy (8bit):7.671031449942883
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                                                                                                                                    MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                                                                                                                                    SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                                                                                                                                    SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                                                                                                                                    SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1717
                                                                                                                                                                    Entropy (8bit):7.154087739587035
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                                                                                                                                    MD5:943371B39CA847674998535110462220
                                                                                                                                                                    SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                                                                                                                                    SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                                                                                                                                    SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):84941
                                                                                                                                                                    Entropy (8bit):7.966881945560921
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                                                                                                                                    MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                                                                                                                                    SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                                                                                                                                    SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                                                                                                                                    SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12824
                                                                                                                                                                    Entropy (8bit):7.974776104184905
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                    MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                    SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                    SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                    SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):24268
                                                                                                                                                                    Entropy (8bit):6.946124661664625
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                    MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                    SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                    SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                    SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):41893
                                                                                                                                                                    Entropy (8bit):7.52654558351485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                    MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                    SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                    SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                    SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):41893
                                                                                                                                                                    Entropy (8bit):7.52654558351485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                    MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                    SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                    SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                    SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):64118
                                                                                                                                                                    Entropy (8bit):7.742974333356952
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                                                                                                                                    MD5:864EEA0336F8628AE4A1ED46D4406807
                                                                                                                                                                    SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                                                                                                                                    SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                                                                                                                                    SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1547
                                                                                                                                                                    Entropy (8bit):6.4194805172468286
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                                                                                                                                    MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                                                                                                                                    SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                                                                                                                                    SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                                                                                                                                    SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):11043
                                                                                                                                                                    Entropy (8bit):7.96811228801767
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                                                                                                                                    MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                                                                                                                                    SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                                                                                                                                    SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                                                                                                                                    SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):60924
                                                                                                                                                                    Entropy (8bit):7.758472758205366
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                                                                                                                                    MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                                                                                                                                    SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                                                                                                                                    SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                                                                                                                                    SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):59832
                                                                                                                                                                    Entropy (8bit):7.308211468398169
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                    MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                    SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                    SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                    SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):70028
                                                                                                                                                                    Entropy (8bit):7.742089280742944
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                                                                                                                                    MD5:EC7811912ACA47F6AEB912469761D70D
                                                                                                                                                                    SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                                                                                                                                    SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                                                                                                                                    SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):84097
                                                                                                                                                                    Entropy (8bit):7.78862495530604
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                                                                                                                                    MD5:37EED97290E8ECB46A576C84F0810568
                                                                                                                                                                    SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                                                                                                                                    SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                                                                                                                                    SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):36740
                                                                                                                                                                    Entropy (8bit):7.48266872907324
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                                                                                                                                    MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                                                                                                                                    SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                                                                                                                                    SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                                                                                                                                    SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):109698
                                                                                                                                                                    Entropy (8bit):7.954100577911302
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                                                                                                                                    MD5:8D804A60E86627383BED6280ED62F1CF
                                                                                                                                                                    SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                                                                                                                                    SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                                                                                                                                    SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):32656
                                                                                                                                                                    Entropy (8bit):3.9517299510231485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                    MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                    SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                    SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                    SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):14177
                                                                                                                                                                    Entropy (8bit):5.705782002886174
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                    MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                    SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                    SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                    SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):242903
                                                                                                                                                                    Entropy (8bit):7.944495275553473
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                                                                                                                                    MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                                                                                                                                    SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                                                                                                                                    SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                                                                                                                                    SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):140755
                                                                                                                                                                    Entropy (8bit):7.9013245181576695
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                                                                                                                                    MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                                                                                                                                    SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                                                                                                                                    SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                                                                                                                                    SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12180
                                                                                                                                                                    Entropy (8bit):5.318266117301791
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                                                                                                                                    MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                                                                                                                                    SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                                                                                                                                    SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                                                                                                                                    SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2104
                                                                                                                                                                    Entropy (8bit):7.252780160030615
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                                                                                                                                    MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                                                                                                                                    SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                                                                                                                                    SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                                                                                                                                    SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):10056
                                                                                                                                                                    Entropy (8bit):7.956064700093514
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                                                                                                                                    MD5:E1B57A8851177DD25DC05B50B904656A
                                                                                                                                                                    SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                                                                                                                                    SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                                                                                                                                    SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):40884
                                                                                                                                                                    Entropy (8bit):7.545929039957292
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                    MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                    SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                    SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                    SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):11040
                                                                                                                                                                    Entropy (8bit):7.929583162638891
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                                                                                                                                    MD5:02775A1E41CF53AC771D820003903913
                                                                                                                                                                    SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                                                                                                                                    SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                                                                                                                                    SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):68633
                                                                                                                                                                    Entropy (8bit):7.709776384921022
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                    MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                    SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                    SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                    SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):52912
                                                                                                                                                                    Entropy (8bit):7.679147474806877
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12824
                                                                                                                                                                    Entropy (8bit):7.974776104184905
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):25622
                                                                                                                                                                    Entropy (8bit):7.058784902089801
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12654
                                                                                                                                                                    Entropy (8bit):7.745439197485533
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):5136
                                                                                                                                                                    Entropy (8bit):7.622045262603241
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):40035
                                                                                                                                                                    Entropy (8bit):7.360144465307449
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):12824
                                                                                                                                                                    Entropy (8bit):7.974776104184905
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):24268
                                                                                                                                                                    Entropy (8bit):6.946124661664625
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1873
                                                                                                                                                                    Entropy (8bit):7.534961703340853
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):99293
                                                                                                                                                                    Entropy (8bit):7.9690121496708555
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                                                                                                                                    MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                                                                                                                                    SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                                                                                                                                    SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                                                                                                                                    SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):22203
                                                                                                                                                                    Entropy (8bit):6.977175130747846
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                    MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                    SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                    SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                    SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):33032
                                                                                                                                                                    Entropy (8bit):2.941351060644542
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                                                                                                                                    MD5:ACF4A9F470281F475EA45E113E9FB009
                                                                                                                                                                    SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                                                                                                                                    SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                                                                                                                                    SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):347
                                                                                                                                                                    Entropy (8bit):6.85024426015615
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                                                                                                                                    MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                                                                                                                                    SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                                                                                                                                    SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                                                                                                                                    SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):47294
                                                                                                                                                                    Entropy (8bit):7.497888607667405
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                                                                                                                                    MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                                                                                                                                    SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                                                                                                                                    SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                                                                                                                                    SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):515
                                                                                                                                                                    Entropy (8bit):6.740133870626016
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                                                                                                                                    MD5:E96BE30D892A5412CF262FEE652921CA
                                                                                                                                                                    SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                                                                                                                                    SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                                                                                                                                    SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):53259
                                                                                                                                                                    Entropy (8bit):7.651662052139301
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                    MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                    SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                    SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                    SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4410
                                                                                                                                                                    Entropy (8bit):7.857636973514526
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                                                                                                                                    MD5:2494381A1ACDC83843B912CFCDE5643B
                                                                                                                                                                    SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                                                                                                                                    SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                                                                                                                                    SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):5465
                                                                                                                                                                    Entropy (8bit):7.79401348966645
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                                                                                                                                    MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                                                                                                                                    SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                                                                                                                                    SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                                                                                                                                    SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):55804
                                                                                                                                                                    Entropy (8bit):7.433623355028275
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                    MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                    SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                    SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                    SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):39010
                                                                                                                                                                    Entropy (8bit):7.362726513389497
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                    MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                    SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                    SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                    SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4819
                                                                                                                                                                    Entropy (8bit):7.874649683222419
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                                                                                                                                    MD5:5D6C1F361BC04403555BE945E28E53FC
                                                                                                                                                                    SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                                                                                                                                    SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                                                                                                                                    SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2266
                                                                                                                                                                    Entropy (8bit):5.563021222358941
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                                                                                                                                    MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                                                                                                                                    SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                                                                                                                                    SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                                                                                                                                    SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):129887
                                                                                                                                                                    Entropy (8bit):7.8877849553452695
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                                                                                                                                    MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                                                                                                                                    SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                                                                                                                                    SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                                                                                                                                    SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):22203
                                                                                                                                                                    Entropy (8bit):6.977175130747846
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                    MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                    SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                    SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                    SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):19920
                                                                                                                                                                    Entropy (8bit):7.987696084459766
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                                                                                                                                    MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                                                                                                                                    SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                                                                                                                                    SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                                                                                                                                    SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):11197
                                                                                                                                                                    Entropy (8bit):7.975073010774664
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                                                                                                                                    MD5:DDC3CC30794277500EFE4BC6667EC123
                                                                                                                                                                    SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                                                                                                                                    SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                                                                                                                                    SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):647
                                                                                                                                                                    Entropy (8bit):6.854433034679255
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                                                                                                                                    MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                                                                                                                                    SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                                                                                                                                    SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                                                                                                                                    SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):827
                                                                                                                                                                    Entropy (8bit):7.23139555596658
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                                                                                                                                    MD5:3E675D61F588462FB452342B14BCF9C0
                                                                                                                                                                    SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                                                                                                                                    SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                                                                                                                                    SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3361
                                                                                                                                                                    Entropy (8bit):7.619405839796034
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                                                                                                                                    MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                                                                                                                                    SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                                                                                                                                    SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                                                                                                                                    SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):32656
                                                                                                                                                                    Entropy (8bit):3.9517299510231485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                    MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                    SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                    SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                    SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):179460
                                                                                                                                                                    Entropy (8bit):7.979020171518325
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                                                                                                                                    MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                                                                                                                                    SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                                                                                                                                    SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                                                                                                                                    SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3555
                                                                                                                                                                    Entropy (8bit):7.686253071499049
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                                                                                                                                    MD5:8A5444524F467A45A5A10245F89C855A
                                                                                                                                                                    SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                                                                                                                                    SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                                                                                                                                    SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):29187
                                                                                                                                                                    Entropy (8bit):7.971308326749753
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                                                                                                                                    MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                                                                                                                                    SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                                                                                                                                    SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                                                                                                                                    SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):784
                                                                                                                                                                    Entropy (8bit):6.962539208465222
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                                                                                                                                    MD5:14105A831FE32590E52C2E2E41879624
                                                                                                                                                                    SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                                                                                                                                    SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                                                                                                                                    SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):27862
                                                                                                                                                                    Entropy (8bit):7.238903610770013
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                    MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                    SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                    SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                    SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2033
                                                                                                                                                                    Entropy (8bit):6.8741208714657
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                                                                                                                                    MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                                                                                                                                    SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                                                                                                                                    SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                                                                                                                                    SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1569
                                                                                                                                                                    Entropy (8bit):7.583832946136897
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                                                                                                                                    MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                                                                                                                                    SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                                                                                                                                    SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                                                                                                                                    SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):14177
                                                                                                                                                                    Entropy (8bit):5.705782002886174
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                    MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                    SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                    SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                    SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3428
                                                                                                                                                                    Entropy (8bit):7.766473352510893
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                                                                                                                                    MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                                                                                                                                    SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                                                                                                                                    SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                                                                                                                                    SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):25622
                                                                                                                                                                    Entropy (8bit):7.058784902089801
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                    MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                    SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                    SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                    SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):34299
                                                                                                                                                                    Entropy (8bit):7.247541176493898
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                                                                                                                                    MD5:E9C52A7381075E4EBC59296F96C79399
                                                                                                                                                                    SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                                                                                                                                    SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                                                                                                                                    SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):15740
                                                                                                                                                                    Entropy (8bit):6.0674556182683945
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                    MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                    SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                    SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                    SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):977
                                                                                                                                                                    Entropy (8bit):7.231269197132181
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                                                                                                                                    MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                                                                                                                                    SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                                                                                                                                    SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                                                                                                                                    SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2695
                                                                                                                                                                    Entropy (8bit):7.434963358385164
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                                                                                                                                    MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                                                                                                                                    SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                                                                                                                                    SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                                                                                                                                    SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):32656
                                                                                                                                                                    Entropy (8bit):3.9517299510231485
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                    MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                    SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                    SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                    SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):52945
                                                                                                                                                                    Entropy (8bit):7.6490972666456765
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                    MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                    SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                    SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                    SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):55804
                                                                                                                                                                    Entropy (8bit):7.433623355028275
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                    MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                    SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                    SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                    SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):68633
                                                                                                                                                                    Entropy (8bit):7.709776384921022
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                    MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                    SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                    SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                    SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):67991
                                                                                                                                                                    Entropy (8bit):7.870481231782746
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                                                                                                                                    MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                                                                                                                                    SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                                                                                                                                    SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                                                                                                                                    SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):2268
                                                                                                                                                                    Entropy (8bit):7.384274251000273
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                                                                                                                                    MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                                                                                                                                    SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                                                                                                                                    SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                                                                                                                                    SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):79656
                                                                                                                                                                    Entropy (8bit):7.966459570826366
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                                                                                                                                    MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                                                                                                                                    SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                                                                                                                                    SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                                                                                                                                    SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):136726
                                                                                                                                                                    Entropy (8bit):7.973487854173386
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                                                                                                                                    MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                                                                                                                                    SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                                                                                                                                    SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                                                                                                                                    SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):53259
                                                                                                                                                                    Entropy (8bit):7.651662052139301
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                    MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                    SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                    SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                    SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):27862
                                                                                                                                                                    Entropy (8bit):7.238903610770013
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                    MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                    SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                    SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                    SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):59707
                                                                                                                                                                    Entropy (8bit):7.858445368171059
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                                                                                                                                    MD5:47ADB0DF6FDA756920225A099B722322
                                                                                                                                                                    SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                                                                                                                                    SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                                                                                                                                    SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):40884
                                                                                                                                                                    Entropy (8bit):7.545929039957292
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                    MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                    SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                    SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                    SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):59832
                                                                                                                                                                    Entropy (8bit):7.308211468398169
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                    MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                    SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                    SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                    SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3009
                                                                                                                                                                    Entropy (8bit):7.493528353751471
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                                                                                                                                    MD5:D9BD80D40B458EDB2A318F639561579A
                                                                                                                                                                    SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                                                                                                                                    SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                                                                                                                                    SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):15740
                                                                                                                                                                    Entropy (8bit):6.0674556182683945
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                    MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                    SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                    SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                    SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):95763
                                                                                                                                                                    Entropy (8bit):7.931689087616878
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                                                                                                                                    MD5:177DD42CA99CAA2CCBF2974221680334
                                                                                                                                                                    SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                                                                                                                                    SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                                                                                                                                    SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):4456
                                                                                                                                                                    Entropy (8bit):0.4414567680521761
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:zJcqDxYyfhcD1RRXUn/cXYt+0Liwq+J+/KRujslll:zJcqFYyfmJ/U/cX0+0LiwFw/6/l
                                                                                                                                                                    MD5:3AFC84F1AD8CC53E150A8FEE26A43FC4
                                                                                                                                                                    SHA1:DA2C04D1906957A2300C9DDFD17CE26851096BC9
                                                                                                                                                                    SHA-256:8351A6CC454681AAF94C8FE29077F26A9F95C11B8D766C47BDECEAC6817A3514
                                                                                                                                                                    SHA-512:56FFC8709048A56D408DDB3F94155DF966F9ED3AA68BADC8AE71D00E9582A3C2D48C51F5FE9C5D562DD2F8411A8E8EBCFEBE2BBB9A0E998C7F5C738853B7F2B8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:modified
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.882824821389571
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:sPJdhRTYcq2h09gqAeHmbQ5NC1jfe3yHOdMYkRf:sjhmh3HHmyuGCudk
                                                                                                                                                                    MD5:9A87E87155EFF7BA446B02B073639C9E
                                                                                                                                                                    SHA1:DCC2B72895140F8310360DE3B19EF13BED1220B3
                                                                                                                                                                    SHA-256:BBA6924954F7F0980C95164C9B630D9B762D5BC7A0CE339E5FB65A1F14127EAA
                                                                                                                                                                    SHA-512:51B9B848F4DD4AC7D458D60E81AD888DBE6D2E16D6118594F049FD6F7047A9F7FC8875594C73FC782E00CAC38778BD4B12EF8A66E61193B1380A131EFCFCEEFD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.839978226868043
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:OhGEhD+sRik9i7ywmiCkp4XMxNuLS4f1WAcporpj/TTbkRf:qnt8k04fcxYS4sAcpYLo
                                                                                                                                                                    MD5:A3B095D655E4325F7D188B8B9984201F
                                                                                                                                                                    SHA1:F358E02C0550CC0C5E207A976A460FCCED9CCA54
                                                                                                                                                                    SHA-256:4CE78E88F53566DC5CBB036F5C3DAC1DB851925E0F3599ED37D44106AB8FABB4
                                                                                                                                                                    SHA-512:A80C8C3F16A64748D1D8623C7713C200B37ED38619570CE935FA6A25BEB8D4CF7522E3BABB970B9D596E674DD760E60E4BA47E6EB7BA59D2AC51E9B8003AA63C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1271
                                                                                                                                                                    Entropy (8bit):7.850733137477635
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:/5q+g6T+yDARe82oxlObV2es+S9BvYJqBRwynyhX8n2Kp/oSldJp8aa4HkRf:/I+g6rARnxqS9ZYJYRw4yB3a/oSldVaD
                                                                                                                                                                    MD5:FAA4AFCADD61E9F7DD9153452A7E0305
                                                                                                                                                                    SHA1:69E0ACC4EBC617C5665EF6F96AFA3524FD130634
                                                                                                                                                                    SHA-256:734A2CDA10823858F9FB9BD754143C627956D3DC582D99483A906DE93B391739
                                                                                                                                                                    SHA-512:A2B66D6DE59613D8C5B016C8F173D70EB3DCB8550B16A93F395D9985589419A44196D5BC72AD982B89370351839D74B4501A5F81DEE779C8B60AE50D4F11705D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.8463748283025305
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:H5+PW62Q8Uhr9Y6TfZjSHTpGsXtNzi8eI0ewuD8msl36axS8v6JikRf:ZD8RRjMsG2I0t3mTaSb
                                                                                                                                                                    MD5:9AE302298C66FDE647D0E305F243AB8E
                                                                                                                                                                    SHA1:7AC459B2B776CB5651DE9D6911B66C517B71BC34
                                                                                                                                                                    SHA-256:7F1223B58CB9B652A391EFF71BEEC7CFBF77BC217BE4863F2CCA3D6BAFAD62AC
                                                                                                                                                                    SHA-512:4AAF994BFFFF0D67A95018684F56E2447A68780398C60F496175F4AD693EB2E0E943C5ABD63B3168B61217368894553169667E5393ABC134FB140D880083B85D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.850279925978396
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:8Sxrw/GiqEtT8M8e2s5Xnq5hyLDy7xJ68UzvJ+2Xc0/JOQJBrQUjy+YikRf:pUXT83HssAy7xVl0BrBtm++
                                                                                                                                                                    MD5:9A3425C2FB4C37ECBEB0B7379D27076A
                                                                                                                                                                    SHA1:0626311523F8CBB33E7ED65FFD836C624FC141F5
                                                                                                                                                                    SHA-256:D3189F26007BAF975F65365F7DED294A768D756ED960822A9C505C3C866A38F5
                                                                                                                                                                    SHA-512:BCECD1456EAE9527479206774D1C7AF2A3EBB1B94CEF6F5CE675493A47FF71438CC4854110B857A3AAFE7DF537F7FF46B300FEBA944A705090AA1D62C4285D1E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.844685939035389
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:mPTLKCWL3R7Ezj6RvA6/wGxir8W/HoxCcKbqUk8IP9pO7kRf:mPYLeAvA6nlWPoxlKbqp8o
                                                                                                                                                                    MD5:FE9C214C9B46D54F07F5C789FC4EB183
                                                                                                                                                                    SHA1:8FF9A1BA5D5C2D9A814EAFBAA7207DAE8BCE6E31
                                                                                                                                                                    SHA-256:5EFC4BA3BABB138468780B982AF55855F81CE03DB95E90E15D9076AF7183DE72
                                                                                                                                                                    SHA-512:5377102368168D61792C727545862EE923352ABD480A550E24BF416D7BD0190751CE08C0B709A2186C37D441E74C6EB98F86F220B734FEF3ED0F7901F688BC3D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.858333121741606
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:+jfirXHBZvqVnQYWm2bqnHPjL19XuI8p4qw+fbV8bEJa4j57kRf:+Or3vqVmm8qnHPfXuI8vw+B8bcj2
                                                                                                                                                                    MD5:78B774928967A2BE1DDF804EBB4B65C7
                                                                                                                                                                    SHA1:BB7FF9B0C22EE608258B95D47B3D41186B9B87A1
                                                                                                                                                                    SHA-256:271ACDD98CFEB0ED18DCF3EB316E490EE4DA0014FBF4FC8137E47C4866B494A3
                                                                                                                                                                    SHA-512:4E8CA740E3F65999E414DFE765448FAC069C77D6344A5C55E026E5AE4ABF2D016E1475BE4BEE54805837A17D3798B099C82CED94835A93AE9F034C30A4D1A5DC
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.848326797612036
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:ImVq9AnVxuODL2pl1VC4GreAfTLDn/2zhYrKWOw5SOzxf4kFcF1TF3Vd0WLPK0P0:gavX+pl1glrPfjnEhYeJw5Sq94kFuTBm
                                                                                                                                                                    MD5:E5913E4378B4A0B7CDD7F958EFBD6A52
                                                                                                                                                                    SHA1:2971C7FE609CDBFE1F66463C4E0F597381818D71
                                                                                                                                                                    SHA-256:C544C85F232C6FA356B8882EDEECC3E3F09124B3AB9B9DB747B2F10C46574050
                                                                                                                                                                    SHA-512:1E5C6ABD70EF45C50E3C4C13A739654B7DEAA2152C9C00086428AC6587178C15A0FA36CC5B0AC21D509F8FBC91ADA9B04C433546401E4B8B79E26033A29850EF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.837567878297077
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:CYTmYSrDT6uWGHqMt/NAX7H1IbWATqjbgOZxOQICJHy7DwpTkRf:CqTDuW4qMPw7HmbWAT+sOFICJGwu
                                                                                                                                                                    MD5:6B23619AB152731E1190FA63CD5C0ADC
                                                                                                                                                                    SHA1:2DC903D52FB55DEF3C3A3C5BAAC17C3D1B3B0C89
                                                                                                                                                                    SHA-256:AFE1A1C793D460317EE4502EB3125BB30699D04D15ADA5E1285F62276E84AF2B
                                                                                                                                                                    SHA-512:2B509F9F3583B22B394C1D5886012ABE32C7CEAFAC6720C1A126DCEA64E67CAB2C31504B63304EFE64E1568FC892EDEEA4BC5A9660050E4C64241B78D69359F4
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1271
                                                                                                                                                                    Entropy (8bit):7.852556828880682
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:wHyL10PEGxfrZ1yuYqu5F/Yg0QYwyw6JjQAKMfgp81kRf:wSLuPHrZ1yt5n0Q3yRsAKCa
                                                                                                                                                                    MD5:C101F461828921B533E5489823D69387
                                                                                                                                                                    SHA1:8D210A04364374C86027DF65B18403EEA4275523
                                                                                                                                                                    SHA-256:C874C2A17F0E6D7EEBBAB122E4A36390924E7010FB7D5D19E8B06528A84DC0BA
                                                                                                                                                                    SHA-512:5DC06979D2B706D1953B6C67D1719619D9116D3AC48AFFA0A88BDF304C38146F9A52102BC9ECC2998A4F655CE2AF131BBC40AFD99BBF02750DE673AE31518A34
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.812962258682539
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:u4CR3IznTUK5q0jEtQMBonipK2MswDJOhcFyV7hXsKQhy0zWnP8WN6kRf:s3IzTUKFjPwoi8seJ8ckV7hcKSlcP8WH
                                                                                                                                                                    MD5:B9BE3C0BBB436C2FF1EDE27FA5535EB9
                                                                                                                                                                    SHA1:9A3D74444D8AD7EF8141DD4BE47D8934F4C00898
                                                                                                                                                                    SHA-256:870B9300EF8BB583E2E8E30BBC4FF64BB6A0AD3AD60414B080EFCC375A9DD61D
                                                                                                                                                                    SHA-512:461CFE68B7B69B94E507BDD0626E6B6108B4EC1F5D63712C2CB4C117B683A0974E3CBA7B9D413DBF417BAFF27674E5C70C9EC17D676579AB12B8BB684B854EE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.83422926665186
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:zjqi5X4sfeuOVt+1HAPRPh+Sc9PN/ZLT4qoRS1Id6Juk7BT0Fm0AkRf:zjntGvZRPsSc91ZLgRSfwyF+
                                                                                                                                                                    MD5:985D3EA5087169230BEEAC5524C50373
                                                                                                                                                                    SHA1:959A50F6DCAA11F53D40ABCD602B2200FAFB12B9
                                                                                                                                                                    SHA-256:3B3ABD2057794EE38970711C330548CDDB5825CD89D2BD2E1E5243D5A1539E6F
                                                                                                                                                                    SHA-512:3322D138251FF03C85D7050C77453113385FEE83D4064E3414E31ABFAF43F46AD84047FD87E8B598E182DB89D90C27F1EC75D7CAE53BD71731F7C45A89EA3E62
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.8525520039415415
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:9dbuWPbdVhANwLow61PeQ7iPgTy+x+L5UtT+Xyff5z1gCRGmA+TTCXck2DLOkRf:nbuQBA8orPz2PUy+x+L5Uh+ipz1tqhyF
                                                                                                                                                                    MD5:7221776E67FAAE011B50921E37342B5B
                                                                                                                                                                    SHA1:B9F6D0FFCFF41D522831C97DAB5CDA852467A60C
                                                                                                                                                                    SHA-256:EA7CED4EACD6A6CFC4F5F8583FFC6B416781134BA6CD09240AF6520D71BA2C6C
                                                                                                                                                                    SHA-512:66C377BBE968DFF3AFAE58C86E8D7F9A3973F946FF6D640946FE325720F58B0E82EAFE271AA5121CEA8A3D18FDF73712F5D0E3768103846E250C557ED5B1D3DD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1274
                                                                                                                                                                    Entropy (8bit):7.825254534197218
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:NB3E12GHy+fkCgIFLnolhoxA4WAwI9LQAEI6p43O8CxHnlkRf:NBz+Mqo2m4WAn9LQY6S+88y
                                                                                                                                                                    MD5:70570B84DDF7A7A4C5074445853E01AE
                                                                                                                                                                    SHA1:6F70FFB66927772C3EEBE4DE799E9DD1B26C3650
                                                                                                                                                                    SHA-256:A21E464CBADE29E36B9B6D0B60C0794A5BD9E132299AD5D807B97B30AD41338B
                                                                                                                                                                    SHA-512:763C43465F05B7DCD021A1D78513A4D164164E0F75D59BBE23F351EEFCD22190D34BDBF4AC04526285D5E941DD81132D3B3B743A9DDAF246D7D9FE47AD9B90DB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.8531413903899505
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:CxQ5DMtxwexbn9rFFRzMpYee3qMVBe2PTwXZdmM4+jdpqjRJrkRf:Cu5Ite2bn99DeePBeIGgxirqw
                                                                                                                                                                    MD5:CF54D7743971F559DEC1822349AC70EF
                                                                                                                                                                    SHA1:111C8CFDA75DB8808BFFF7D5F796277C1A9F532E
                                                                                                                                                                    SHA-256:A86EF94851E8CA9137EA751938E56ADB19013819A04D2831B6D014F5224509AB
                                                                                                                                                                    SHA-512:6C4E56995BA2FBFC3D3559357E97EF376D463B939A7DDA4A25BA886D9E98B3B9493777AE9FA65F25D1543C5D8640C435D470D9FF66D88B0E6ADE7C4333DC4B8E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.855277420921976
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:US2MBZZSrRNSbHUGEwu81cySCvD4d8SER7hvUJXjjApFb2P28HykRf:US2MdSrRUb1luUed8SAh8J/0b2P28H9
                                                                                                                                                                    MD5:7E57889C77C0669725980DCC7DD08F26
                                                                                                                                                                    SHA1:ACD45E2B60DD629B4325D62A02D3EF24ED9BC67B
                                                                                                                                                                    SHA-256:5F9ED640AC00F9AFC1F860054144FDDE253956E1E8AC205DBB459287D17BB8F6
                                                                                                                                                                    SHA-512:64736AA708C3AB17D044491690807100977D5778878ADC029EC6778F13EDB9FF281DA762E6305E18482047F25C01D9D4EB0FDFCE38E26003B29D0151BF8ED8ED
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1271
                                                                                                                                                                    Entropy (8bit):7.827860877536639
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:3W2DO8xskAy/WhQaomkaqODqNDFr7NG1y8dtgkI2Wn558XokRf:3W2ZxZARhQaomka7qJG1y8rvWnwT
                                                                                                                                                                    MD5:731E7430ADD9E44B167390E43C881B5E
                                                                                                                                                                    SHA1:8C08F0FE4B86C8042FFB334E809DBCA72F9BAE17
                                                                                                                                                                    SHA-256:F3D5BD1676B36CA27DF2375898A6EE5EEED52BF6394FFC85F9E64C45647F3971
                                                                                                                                                                    SHA-512:0C06F080C135CF463C70E4814081C3CC7562F0B7E9FEC6E12087B71B0D5F8D4397EC40C7AF5EA00A6A2C8F3FAD6B256EB0C2D733D0AC69190F8B8601C645D071
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.873753403510683
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:S7Qquckyl80v8s45qTzDd6S6IPiWKU3WGC83/pmbiOFPxe61OkRf:SBucljXcqToSP+6J/puiY1Z
                                                                                                                                                                    MD5:3ED1F2CAA5FE538312924A7D6C4C124D
                                                                                                                                                                    SHA1:D55428C7BCF9914FC98A85EB7832F0ED99896AE7
                                                                                                                                                                    SHA-256:F5F8F0FD5232FDA86C11ED752022C449C908D7D60A2C6172E5235EBBD4C6AD2A
                                                                                                                                                                    SHA-512:D01207CBC43C2A4A72EE4906D47FFFA80331ED78D589EA894ECD4A0440EA1D897EC5C415930ECCF6896F5D2801A8CF7B6699E84F9BEFF74DD32EB5C25327BCAF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.871503741730109
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:IcWjYDLLkhIc3d7VdwJIU85v/a9K7OtYhqsB0DokRf:IcWjYDLLTcN7Vdt/J7OQJaDT
                                                                                                                                                                    MD5:1C3C0D8E485C38AE0BD876E56CF7B52D
                                                                                                                                                                    SHA1:AD7AB85C1CFDCACE736CE4036A16DD041EBCDDD3
                                                                                                                                                                    SHA-256:F699C34CBD1C649D7ADE01C8A86FF3950915F7EAC33FFA3A3C8BCA293AFE2D10
                                                                                                                                                                    SHA-512:6D8BE5EACEA0317A452BD5943C0BA9D8DD55A25DB59305D40EB9D2710EB9C58331E2CDF5BA30CBDBF5C71870574F396F08FD5AE65BC70DB1B455F8738E4A4C08
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.85786245903393
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:tGTaSQj5k30c8Ufjhk23SxaVA6x0JFn6v0o7le1zRYwqkdHOkRf:t1j5k3dfX3Sgh0kKzTP5Z
                                                                                                                                                                    MD5:5CE13DC6C707E6FAEF4C250C5AF8B6A8
                                                                                                                                                                    SHA1:76D7A652A3C15EF3550F554477578BB39B29F422
                                                                                                                                                                    SHA-256:DEFDED63A26CE2334B5C51D3BF85912B7F1AF56DDBF23E7895C65BAF209109E4
                                                                                                                                                                    SHA-512:B7C61667F0E1B39B925140EDEFABF144E2F780C114BFAEE6012349F32F134DC9DD76597D39CB10440D9E9370A3131E3F028C60DB0A4487D999230C9D50735091
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.837864898576196
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:W9QHluOeniJaPb3R5K7Z+bqlt8nM3ID7RlaMXmUqeC6D2UMPBk4tlikRf:WHDSaPb3R5a6nGeFlzmULpDC
                                                                                                                                                                    MD5:15FF6EBDBC1C4482F2D4A17E2F1763DB
                                                                                                                                                                    SHA1:1604D844F6713CFB1A0CF74811CA5A0A33DEE2E3
                                                                                                                                                                    SHA-256:44857B48F9A0180F0EC70DC1A085E9823EA202B38592037EB1D845E8B92008A4
                                                                                                                                                                    SHA-512:228A47522B2BDA4CC00087823DD8CD7F4A11275A6BDE19A49DC81A6C2EA4FAEF8A5637DB09F0C8AB281E15C087EB7DE303FC56309B796FEB4D98592DE7677AF9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.82599893398946
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:eS/9qI7gJUgB/87BwYX8cUC9TlrU/QCSAl1wsgaY22XAjI59TBhkRf:L1bq5Z87BzXbTe/dl1wsgaNAAE5ZB+
                                                                                                                                                                    MD5:61C18EF01290AD940256C25CC8010D11
                                                                                                                                                                    SHA1:15007E3B813D79A6F965B98586B2FA740E133C67
                                                                                                                                                                    SHA-256:B63EA019787BCB3E17010C1D3CFBDEF237013B286141BB26E215C4C32B38B26F
                                                                                                                                                                    SHA-512:083377F58176573B21AA69220DE3BE254AAA0FA421865D606BE103697E335C4A65E71C1AA0082FFEC49D4F191774C2B6FD36552DF19F4E2461BABBE7828C92B7
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1275
                                                                                                                                                                    Entropy (8bit):7.83292491907078
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:wFmePm50t+prWiP1Xv1S47yyTH+Tc1PU7f+QtIkwQ5kRf:vl5G+B91NOKeTc1PUKQtIOW
                                                                                                                                                                    MD5:FD87297B2D774DE4A044030C97467E27
                                                                                                                                                                    SHA1:37FE33E1636FD64696C2E18C577FA703935486AA
                                                                                                                                                                    SHA-256:B7AC07B63D219519268AB2DC8FEC6FA0405F19CC45032E61B6AFA29055566CD5
                                                                                                                                                                    SHA-512:ABF23E7FA6BD741F4019D5BD9045FB65E2DEF8ED0D7215DAA44FC27879D3E8E198E75098430804D6FF67A491F1C6DA01B2C53DDEE722B21841BD4F0AB0963FFE
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.856538307119726
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:xTry58x75SY23jYX9IDkNxCimbvppmhqcUytV8WIKnsf8fNBMkRf:xq54AtTYX9IGxBm7pSq9ytV8rKsfMx
                                                                                                                                                                    MD5:F76815A5679430D191E7FE66386DF19D
                                                                                                                                                                    SHA1:FE4B44EE79AAB4C65EC44146C1F88ADD106A8EE9
                                                                                                                                                                    SHA-256:0A5C061A85C8B9FA3A104200F4FC83BB8F546C7BFEC692BE5DB358D21C8E9365
                                                                                                                                                                    SHA-512:F813C9D1E11BF58FDF333D086012E426A86EAF6D1C93EDDBBAFDD13A0CB494040D10EC083FD41C84CB1EB3A4A64CE16FB45598047225C94B16880983390F04B5
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1274
                                                                                                                                                                    Entropy (8bit):7.842469036010454
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:JaWYQ9HhM+rk/y3mfjgFS96qq5jnWhpkzuU08G4kRf:JPhrCjgLz08Gj
                                                                                                                                                                    MD5:A37D85C769E5337B77BD845A35F1B62A
                                                                                                                                                                    SHA1:375B8DD164DC6D2FE5F696E7C62DDED8B8AA6E0D
                                                                                                                                                                    SHA-256:239710EA8219C6A6EBB79DFB38F488144DC2F16F074B347199CFCB73588F26BE
                                                                                                                                                                    SHA-512:3C7CEA7D21C4AC70C7EE305D699974340B3F8794D7F8D1877FB6A2BB5FB8F5E44940BDDFD4DB5CC0F098A7ED7E548D7E1202D62D6A086438F0A2364011B40D26
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.86052173135699
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:SESfx8SC4LA+LKsMB5cNx1YZu0lbotX9l3t43Zz4LZh0aLkRf:SE2tA+LUANqxlboJa0fzo
                                                                                                                                                                    MD5:E6BA694F4CE6E263C6BDDD9364151CC4
                                                                                                                                                                    SHA1:F06E5B553397675FACA1BAC71F51A58CE2689349
                                                                                                                                                                    SHA-256:F7A459DEDC4AE6D3853F6DD5B443F98DDA3227BD42D40581C6C8AE9CF345AD12
                                                                                                                                                                    SHA-512:B53F5EAB68468A162BE7F98E0E9874A6731E95857E32D5C0BDD684D7425E0FAE21726DA7479453EC059567471652BE2D7EB0F03EEEDDFC90AE862D7B2FC902E5
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.8491152205643
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:7tgmw5LaWFr9wV1oXGub4GFMqJzpgfzVNE0SkW8kRf:7tgmG+WFxwboXF4GzwNW3
                                                                                                                                                                    MD5:CA7B5C3F248D5009E366F5D957BC7B8B
                                                                                                                                                                    SHA1:4FAA8F271753F09E8ACBEB90EB30636990747562
                                                                                                                                                                    SHA-256:1A36352673F7A59D6032F90BB630B6BD3B5C30E65A29D6DB336B4185CD31936C
                                                                                                                                                                    SHA-512:51FFA5AAB63611C2AF344DA22433CFD301BA4B7EA4DFF0701995A99E3FC355A00B5D920CC53E2B8405DA33F6572D5B18B7D656EEE2398661E138B40C99E035DB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1275
                                                                                                                                                                    Entropy (8bit):7.8278121794631055
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:mkJzi+r32qohssGe8WlcFQXoUaG64wDWWDtUStbn8HRqWSp2FkRf:mR+rgTGe9CSw74Tgbn8xqWSp2S
                                                                                                                                                                    MD5:C65B6A0DDAE83D71623F6CE7B6128FB7
                                                                                                                                                                    SHA1:BDDD67F284E72360FABDEC92B72E28FF8C177051
                                                                                                                                                                    SHA-256:DD21CC29B3463033D4316750ADAB2D43C3782F72B6EF085A031853F0035DDAF7
                                                                                                                                                                    SHA-512:1DA2B5FFCE973B8ABB335510E071662A9D8E0F3AE560C3E1B234DD9F88E3F302D1AC054A9A76E8476904995A0F3422BB05D29E14FC632E7B63ACFFAF77C42ED8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.839686344027674
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:QhzOoBJEpEU/eGjkOGsFVtVHfDegEIS0WOuf3xRiz4hqOkRf:GCoBmV/fvJDbS0Wf3fS4M
                                                                                                                                                                    MD5:7AD5CDF957D156765281757E34B20C8C
                                                                                                                                                                    SHA1:1BD85616A70D1112DAE93DEDE7399E925715CADF
                                                                                                                                                                    SHA-256:AF2C37938E48A7D226E0A4D2B15031DBE69CB2231ACCEF83F82DC678A3EE96F7
                                                                                                                                                                    SHA-512:E4CC5492D9435B4D8BDCA83242F70C0413A374EFC9E72BF12678209995C25D7E7460B0DAAC36FD4B9488A5896B76D8BC66175FB0ADCA2D5D71C2A8A9DE2FADFE
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.839617241644955
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:hc7XBqNumEukf0QqWTB7Njdz4lHRScKFpTyBDJUibRCF9pSd1dd2J7kRf:aXBqN7EuUqyrt0Sn/uhGibRw3O
                                                                                                                                                                    MD5:8CAD8196DEF291D11954E8C2E995CB7F
                                                                                                                                                                    SHA1:C9BA2E4F9D18E322B6B77C4E47C77153280387CA
                                                                                                                                                                    SHA-256:086755B6D34C4632AC5EDC057CA29B7D9A502D87427F4AF6D7C9BB23BA480EAB
                                                                                                                                                                    SHA-512:B55168FB972967138A0192E3D042A33670AF0FFFE722869ADEF1F72DCA1E6C101F52A7437432102ACF81E864B8FE42420F17155B7FDF9C015349C43F24AD48F0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.86988343319764
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:sOJzDubFRg1ngnC+yoLQIrfFctYBXs0xy7M3ZrEwAr6bQRup67kRf:2bF0EC+yoLQcFctYS0xka3Ar6bQR2
                                                                                                                                                                    MD5:42B8F86D7697A04F395087A97F95C7FA
                                                                                                                                                                    SHA1:16C1F97190DE8676A696D463198D34F823966CE6
                                                                                                                                                                    SHA-256:0EAD63F7C0A1B193AB0CA0B0368A59993B33D9B9725485F7B764F70F2263AAD3
                                                                                                                                                                    SHA-512:95C7DF9D60774C3EF38110FF5722BE4C5B0408839ACB79132F032145D00BE5AA50B68CC787A82280DD08A85443F72E5FDFC4279C3B0F5DFB348A4285C3AF960F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.834220480904476
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:nK/8FWvx2O1XyrWFmDmjsjzDY2UhQDNEyPcyWf+6RAABlecQ3yOUkRf:zA2O1CCcBzDUhANif2fjzP
                                                                                                                                                                    MD5:584D46B55908001A653591D4CBD6AAA4
                                                                                                                                                                    SHA1:9E65A2F73E418E6D086707C60F1385A040E24ABB
                                                                                                                                                                    SHA-256:E4638BAFD1B9395EE4651EA4CC74401EC82DA7C0EE12E44D417C41CD35DC13C6
                                                                                                                                                                    SHA-512:0EE6E3FACCD9B0C0611D0D1611E2C5F9C969492BDF017ECC743C62DF144B741E5DBD8CFAF4161F708CE9D8D7E0D577E397EFE3D1BE132CA6124C11358CA69DD9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.852174352326007
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:vPPeFKpEYv3WVlhWqWLra8ciaFxKamhQ2ASp5SgogzUj+W+QkRf:PEKpNYlhWqsra8+FxDmGSrSgogoK
                                                                                                                                                                    MD5:060AC0089117EDBF107C465ECE5B8215
                                                                                                                                                                    SHA1:DD994E2D236FC42B2A51B49C0FF7DFCCEB2B93B3
                                                                                                                                                                    SHA-256:64213F14424C309142D2D039D65A9BAAD5BB464B8FDAC7BFCA10BA2808ED6780
                                                                                                                                                                    SHA-512:689D881F7AD5568F59576A35F07EEEAB8FBF2F6BFDB324F1219B6830278DBF9485ABE9FF5A5ABEEE8350DF2C706F4340F5EFC2821A37A71B7331EFE885C61B53
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.828500776063796
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:K/YpKNosRrnsIRUcTWEj0arWwqOVuIROyHd2MkeYjUjdCsnikRf:K/MKN7D3R7PywqOVuIROS02RCst
                                                                                                                                                                    MD5:A17E97FBC4705CC4A83B5A75736AC2DE
                                                                                                                                                                    SHA1:8CB907588303BB7C5D914499C3A59AAD18C4B53A
                                                                                                                                                                    SHA-256:29768D2156AF8CABF7B369E41C67836B40E825CA25C48486BD11A4E2545A48D0
                                                                                                                                                                    SHA-512:963EE686B53F1CF71FCAC0EE1147CD6253A0FA30F2A80B70676B48CE6588965586D1514617ED4E1B2680CBD23591863942EB45FE0BA8310DFF4172F3C652C546
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.859185318232414
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:QusqG/CkreY18OzZz0z3XuIHEs1beBETU7AtVBGNxIvEbft8XjxzxCWkRf:EpemtzaTXnH3eEIqVBXvEbfmtzxCB
                                                                                                                                                                    MD5:516492265BFA6F88B875782A2AAA7619
                                                                                                                                                                    SHA1:D4B99D162DDE5C263BAEDDA5E8E71DCC7D6D87C2
                                                                                                                                                                    SHA-256:719A6E4960888E219DA0B136ED9E257F157027903079BFB699CDD419EC666550
                                                                                                                                                                    SHA-512:1DD61FAECCE58F5B0650BE07670004DF2C9750BBF1FAFC08A013B8D0D21FDBA2E86C143581E1F74F3FAA4C34B63C9CC2482F77B8E4315907F6F91F3299D5BB1D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.849861651078685
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:eDQKrhZaR3JjT0X38d9VtZoA1YAxsuNsqj+/Yv5hkRf:GdZp3GVvoVQsuN/CC+
                                                                                                                                                                    MD5:026F2E38526EEB834AD94D6898C2EF74
                                                                                                                                                                    SHA1:EC1B7F1E263F6F5F3FDAD9A2CFD977BB3D86F34F
                                                                                                                                                                    SHA-256:B963B084746C57AA80F03C1D2775CDE753C74BC7417C773541C9BAF6B9DBB954
                                                                                                                                                                    SHA-512:5CB27CD1AFAE34A4467D8F07E5315A110B01D2381FB1A9B9BFEE7272B2A27871062D248508DBB092CB20DFC711E479B8482BC00FFCFF3020FE6B8BB98F0A26DA
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.846268562119086
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:aUAWgywIfcH1VaJW33dcyf/Bf6gPuh66BmNDMSrtwofw/oNV7kRf:dAWPfcH6I33ey1fuh6PNDzNC
                                                                                                                                                                    MD5:F6FA6C914036B21A692B468E7F1C9313
                                                                                                                                                                    SHA1:403E8B83CE9FC977246D51C5E42845C452918795
                                                                                                                                                                    SHA-256:D2090261C0865F8311E674F61B40B888EB5F5424ABCA69DA961CF7824337C1F3
                                                                                                                                                                    SHA-512:4DAF095FDE4715BDD765BBA9A329C33719D6BE6D8F86E5B54278A702B2221E3DF8D2E44C4A7ED88A55DF7287B717C9363710EF9CB99F81A28917FA354E1F4EC2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.82566229676029
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:QATPfnSBLZuH2fx6C0U4skLxlvnuVibj9oQFnEXb51dYUwYtPuoCOEkRf:QwPPw42fEC0U4sYuViVhFnEr51OOR/
                                                                                                                                                                    MD5:F2D959394B21FBCE2636EDEF760FE261
                                                                                                                                                                    SHA1:18F673EE7B1607A716A9F6761DC73CCBB7E20F5A
                                                                                                                                                                    SHA-256:38829A50E9A3B9D33A049EA49CE148303EEE7431A6A4D93DF562315EBFE56AE1
                                                                                                                                                                    SHA-512:F11F066D522D1F8E00A1FA365D898C61D2BE380960D71AA275B71E853886C1CE018D44B2AC53EB33EB82431D8AC85B4BDBB26A3DE7767CB9827D213A19290244
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1271
                                                                                                                                                                    Entropy (8bit):7.871804888389313
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:X+xb5NKer0jzNNzOUvBa+j04vAMpFdwYjdtpYnpyVFN2Unw558YePikRf:X+xb5R0znwmCoVdtpYnEIUnwBeV
                                                                                                                                                                    MD5:F8E80B481B78717DA7060628776E41E1
                                                                                                                                                                    SHA1:687A2A5B0B940A40E9185B2ED916162FDE0CFED2
                                                                                                                                                                    SHA-256:2EDB5DA5C921D10B1DB25D0BCB18F4EEA05D4595554060C608D65C72330CE4E0
                                                                                                                                                                    SHA-512:6CEB74C3864230AB00869F731AE8DCC95A94C084AC1E584F97E6CB17909804E3C15E84C0981075DE097997C6AA4A076CECE6AFDC245D0FB978190A3E49689F39
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.866340501680486
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:8PQYp+Z75e/WOHHQNzUme6dclx9DL2Gqehad54xS9Xj0WZkRf:uGM/WOHDkclxpq54xiXQ
                                                                                                                                                                    MD5:130F8844B2CE23AAF9E971F3A56C44F2
                                                                                                                                                                    SHA1:37D7B86EE1B519677E9C281F7145C78A6486BBB7
                                                                                                                                                                    SHA-256:15D0D6B6BFEAECA1867AE443452D2CEF5601D6CB1C2798294951506ED789416D
                                                                                                                                                                    SHA-512:CB787D2F6E4AD8E1E5AD1409809E3508A753BCD767C2E829181AAB0B26961E6F6F12F429029146BE54CAD4909D5FBF805FE04808C3E8EB86B8E373F02001F68A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.827762572040625
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:kkHaBOOhWVMiVZpgMb6Kq2U6cS1AvT57zrUjAOmkRf:3id1u8Mbv791k5YcOR
                                                                                                                                                                    MD5:90F28FF22A7251BBA1DA886BC87013FA
                                                                                                                                                                    SHA1:47A57B61753C69BAB643983B2CA3745DF18E53B8
                                                                                                                                                                    SHA-256:A4C58E5922B1A8FE858F71F3F43988ED9117B06CE5C4F20109E2C5867E0A544A
                                                                                                                                                                    SHA-512:5FDC2FAFD7E0981FBE9B2F59BEA90C207D48333DC70E50E6776E74EFD685CF39C2FA8EB179B1A435483F94F9BB318C647F39190D3810904B286BAB235FD827AA
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.8217775702080665
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:P1yvkehlOzP/186hRLbc19BvTLLDRwNZ8pm5tjODIO97zj19ykRf:P0cXj/18uL89BvTlBpmLi3v
                                                                                                                                                                    MD5:4CFFA153BD8F1C9C5A8E5E73FEDD9A06
                                                                                                                                                                    SHA1:B349D0C263D7750F69986A864CDC92622088BEFE
                                                                                                                                                                    SHA-256:84334EF290E7882420591043F93E74EB9A3E6681FAD8E7761912A77588E4D449
                                                                                                                                                                    SHA-512:1DDCEF8FB82375AEA26053E32F12854554F7BAC184E61F0251F57B70F9E95BD47FCA96688F2BA68CA15D2F3A227285D8DB3FC512D927EA55863D59E1D9F0B59A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:OpenPGP Public Key
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.8539812412901036
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:Iw9BEA1P/XKeWYMJAQYc6BG65hPM9CGv5dZtTRuKmXh4Yj59+PmRfTkRf:9EA1P/KeWzJuXBdWBFRqQCI
                                                                                                                                                                    MD5:4B18A04ED9B6F41FBB147A17DC9368A9
                                                                                                                                                                    SHA1:C0B9B16F05A94D04E0484183C20FDE8EBF4D2D46
                                                                                                                                                                    SHA-256:1CEB933F6095BD78F470E9F1E0382E5019CAD59A5454D136BC7E191B3E5B705B
                                                                                                                                                                    SHA-512:9593A359A9B661B6BAB7475159F7272B13BF2C4DA10B09497BA91ACA77D3C51C03313BB9ED9B0366751A03EAD16FFD087D05ABE12B80A3F2223476166E7999DF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:zlib compressed data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.851409245553526
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:oXu05tCLwGSIu0nfNWUaKXffIUtypRc4hkRf:0uMCnf/fXIUAEF
                                                                                                                                                                    MD5:B3420A67BC829DE95085A98EF5C33F8A
                                                                                                                                                                    SHA1:01ECED0899CCFFD847BDC110B794F5DEB34FBDA6
                                                                                                                                                                    SHA-256:C51C014A007E29969F005AA80574813C99FEC172F157A75BF44875D5F91132C5
                                                                                                                                                                    SHA-512:15266718A71E4B12ADDD64A30E44A09030A93ABF09F5193C0397A00AA5DCCA2DB2BA0AAC861A81414E3577C20603D19B06D7E9426E362C0644E989F0E0B587E8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.85403730437728
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:jarOOhVwHW00Coogby2w4W92uZiklmaIKcjczSZm/B87kRf:joVwHW0ioeyR1ikJX+czn/
                                                                                                                                                                    MD5:05DB4946E3EF3D78180AA25C2F1D29CD
                                                                                                                                                                    SHA1:D36E9DEAA2946AC68E359A7815AFC7213FA1C163
                                                                                                                                                                    SHA-256:CD4EF13895F801F063CBFADA37AF97BC1F8FA57ACD6BF059DDA9EF6832085D1F
                                                                                                                                                                    SHA-512:1C197C3424B087B06A08EB4D3F7CDBE861DBF0CAEA415FAF6561B44A8CC6B15C599E154CA238BC530333422A35C7BAF437CC5A59676B71024A15414178B3BDFB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.851272772315817
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:b73ucePUvq8OZ14bmhuecYiUYbG2R0Stz0dbL1i1vBHSOoakRf:b7kUvt219Uf7bf0VZWdpk
                                                                                                                                                                    MD5:BC816814BC00DB40EBB25A8125425D8A
                                                                                                                                                                    SHA1:656D08B4DF1ABEFD2EFA369DC07D20917880C37A
                                                                                                                                                                    SHA-256:A32F3CACA484C82E39D853456AFB22501C8D279C6F6F13D60BCB214F5A1FEF4F
                                                                                                                                                                    SHA-512:8731B354C6BCBAF9ABA9C062F7F2EB3567175EA38202CD6A8F7A374B59BFCB94187E58D0EC8D784DC3C5DDFBBB2ECFC8E412E817E4D0F71AD9FD08D4B0BF1524
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.841956938243432
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:LIjfnKBvSXQZ8Clrtq2/IbcrhxjAB32qV1XDAR/hoTIkRf:tqAZ8Cp8uxr8xZ1XQhEz
                                                                                                                                                                    MD5:F34AB6D90BBD00E54473B931CE307316
                                                                                                                                                                    SHA1:70CBB97029B56A2EF7AA42F40E3FA788B24BFF03
                                                                                                                                                                    SHA-256:FA3864E07143BE3206B138C46C32B9647799894403CF02350114B428E2A0454B
                                                                                                                                                                    SHA-512:68C396396FB1240D8B809FBA4692EA1B9CD20868C7759B53FD4059FF076613BD550278DAC01B4C5424324E32BB3952CE4249EBC1C3C2DECFE7C5543986ED3050
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.853222056677729
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:B+5rAdXCOiEIxCfNxL0sJylCfzONTQHbdUluJcbQWlQE77kRf:BatTWNxLz8sfzOFNbQOVc
                                                                                                                                                                    MD5:ABAA92C8C1CEF53D5E277B484D0C4B0F
                                                                                                                                                                    SHA1:8C1CC71064BB44B299598F23406512B47313FECE
                                                                                                                                                                    SHA-256:82EE868D883CE891F967F0E8A0D7CAE9DE2C81F59A901BA30BE8336B0B4E44A7
                                                                                                                                                                    SHA-512:8ECCAAF0451F51206E1592ECC8CCCCA110865AD923F346B1298BB1717FA27076CFE68407884E344B8343911EBB7326827A35DD447B194E93BC872C2D2062936A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):151040
                                                                                                                                                                    Entropy (8bit):7.997097794562139
                                                                                                                                                                    Encrypted:true
                                                                                                                                                                    SSDEEP:3072:qCPtJ+0Ish1Zi/Bih+ZCPtJ+0Ish1Zi/Bih+ZM:qOJ+xshW/BE+ZOJ+xshW/BE+ZM
                                                                                                                                                                    MD5:5CC67164364DB831FDA300471D234FA3
                                                                                                                                                                    SHA1:D906BFF330EA463828DF8BFB528B127EAFDBA427
                                                                                                                                                                    SHA-256:B62B302CE1E119BBB3BA26E3A39765C078FD46201D1E3A09528E0BCA4E403CFC
                                                                                                                                                                    SHA-512:1D6C4F9A962FBA6754078EB2AB6913178855B4AE05A328354B7D5D666F2F8562C77AB57749F1608830D4BBCFF17E2458F4CF367F3ABFFAC56C415920C5F4CECB
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.853524768071021
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:XWvQBrVuECzSAK4eWiLfRMCl/zmQhiSXt9fq3a6eJBP0gLoTDkRf:X5BxvgeLfyQTd9V6kBPvLt
                                                                                                                                                                    MD5:E1DE1F4D68AB3C9A8F5D00EBE625216C
                                                                                                                                                                    SHA1:231299FB4ADB9C60DF2FF939F7336485A60BD93E
                                                                                                                                                                    SHA-256:8DB6ED9D3F3DAF2363D359AE22839F5D438333D8D80D3F3B13B984263F327822
                                                                                                                                                                    SHA-512:83C78A03EECD0C0257D0B6A114D9E8D18A6E96CD07D49771B937909D87948E27AF2096BD762E8FEC32C1CAE78BF30DC92B2F083E0A1B3D7AB19F2D152A8C7EB5
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.851079474831706
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:NoUd6GUcuN1xMT3yzs/JBK8rubfaR+0waVw8yOh/wgBikRf:NH81Tzsx8jaVw6dugBt
                                                                                                                                                                    MD5:94FA57DEE2722428544D2DBBF1943F18
                                                                                                                                                                    SHA1:E6610C992ADA99265C98452A4F9EC5B7BFBBB240
                                                                                                                                                                    SHA-256:BCB26F7581C157DE90ADE01DFF0CB04559F34A2738A15D0FE3E1DF8E9AD42ABB
                                                                                                                                                                    SHA-512:414B57E27E5216F097E67AC114A9ED8A48247BDAB4B3CAED3A1783D335AA6EF4E8D397EEAFE5BC73D996162AE8CD4CC752924D3A1C26709D118C694276E5DDAE
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1271
                                                                                                                                                                    Entropy (8bit):7.836894246561027
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:RFBSLqgAmIwPkUuyEE7yHuwIhtovkb3NKGjBevATm94EyhP7qORU9p8dcMykRf:RDSLqUDkUIEfkkzMGkMm9YDqLOZ
                                                                                                                                                                    MD5:C39F4DEB31252993E98DCC7BABAAF7FB
                                                                                                                                                                    SHA1:509A8E4DC7B6CFB8A8EE6A74B32D953C4459432D
                                                                                                                                                                    SHA-256:A10133742748CC23FB5C980961B2DEC4C8F9EA74DA33C185778D7C2ADAAA209A
                                                                                                                                                                    SHA-512:4BDA69AA06BA6141E7EE05A50C91091310E3F2857B0F62A3E39971F7A2CC54760086A6C199E7D23A185A82E747ED37CB272DA660A355C535B286A9DD9770222E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:OpenPGP Public Key
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.835647124193379
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:AhYHkfW9rTFI1H4RHImcXDDTUEpl3nC89v+hpF7NK4sdBbvSVu1kRf:IaOQJHImcXXffCov+7F+HS5
                                                                                                                                                                    MD5:F15349EC4D22C90BB9FAD72B7F3F4C03
                                                                                                                                                                    SHA1:4BFD9373C356CC74EEDB31E26ADE15F6F133D103
                                                                                                                                                                    SHA-256:1778625221A5DDD4416AEEE82D189858624D64BBB7E59BB1E5F235A86B2EDCB0
                                                                                                                                                                    SHA-512:3A44B7481BD7B8F2106C80B6A503B7DD3539F821A5729351F92F625643E1D4C74C6D4E9A6071D164BB32A1EBAD768D243BEFB7F29BF76CE1D60087486A0BA676
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.8401081781200315
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:aBJB3mRIko/x0dGoPyt2TV/mBvZXdYsMcn74reUjakRf:aBJB3KIRpyGoqITxUvR2sMc7eH5
                                                                                                                                                                    MD5:F4A0003D5E4488D8BE58F75335B5F0DC
                                                                                                                                                                    SHA1:2C0363EAA03A75D1A7BB86F9B2065F599940F5E0
                                                                                                                                                                    SHA-256:D01D52485CF51FDA8840812FBEE10260892D14D2B05B7D69FFDE7336BB208A6A
                                                                                                                                                                    SHA-512:952A1EC6666AA5910190DD46313A76F5CF63B9FAFCF09A22C6D35548D905057C8A7B3DC72810A9C034463AAD425CCBFA8A6707A68DEB5759000805316757D978
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.8664646289291325
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:bhBqbm6JtAPozaUqSadIJ6dApiT1dDJ74uZltnFixFxbRo9SD4pt67kRf:NBo3JtAPrNdzCiPD15ZnYFzBDct3
                                                                                                                                                                    MD5:96E6283C8D96445D62F1F6D2D189011F
                                                                                                                                                                    SHA1:8146790921A7FA1FD14B0D2B7E8287AE61F86525
                                                                                                                                                                    SHA-256:B0D80E9023E2F1CE84F3053E45AA6FD8EB7864765B909942620EC3A23FCE6E74
                                                                                                                                                                    SHA-512:8A750C6DE3597D6E1886DAD34F7205BB22F92C0530C52FBAAC23D50975F5587ADCCA5C19731924A235098C28B57995C1318A85E54003E6A9BF35534FEC87D518
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.855173978642656
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:5VtSt+x7/I5o4T0hgCAcVJENq5USbzlTGYfaaqeJWu6ZpyXxorG7kRf:5VAI7g+jqg3YIa66yxA
                                                                                                                                                                    MD5:706496635B59893F63139EBE221E098E
                                                                                                                                                                    SHA1:51D52659134198F0F7FEF2BDCCA8927F6AA2F5E6
                                                                                                                                                                    SHA-256:FC4C33D1E972004610BFC0B3E826411797231F3200D3D1DE4F332B173BAD816C
                                                                                                                                                                    SHA-512:C002A1F1583DD54DF4B8136D35A3A78FD57724486EDFBD1EFD0FDE5C55ED49EA37BF9C03BE8A03FC7E130514332326DB5D75EF89B2B510B19F18246E5BB5A9AA
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.846388878519942
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:W6yTgGYadwKgYpjVkG++AVsyuIYyFN/nIwgtPeqt3RkRf:xyTpnwcn++A2yuIYCNIo
                                                                                                                                                                    MD5:02A5168E4BD705E34A20AE33E657F76D
                                                                                                                                                                    SHA1:228858BB9369EB0B66C787B61668D865982E147F
                                                                                                                                                                    SHA-256:3B6104F54EB4C6559DF55CA26F0625B3704AD9542E58C10022C3C91A90FFF955
                                                                                                                                                                    SHA-512:E74AAA7BBDFF213E59DE9F257887B9D4476CD912E00914A532EBD26A0898A64770C0C40D51D53C60E1D8E679DD33790E1D7FD51802053F02F64585C5A5C0C2F3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.8366369176320925
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:Zrp/9yCLelu5EfG665otmDN1YTGQFPz9dA5ZHSZ/dIBcrkRf:VK2o65otmDN1luP5dAexI
                                                                                                                                                                    MD5:A45C6337FE1042283D3E1F80B8964AAA
                                                                                                                                                                    SHA1:8363E3BEDDE62FBA649FB033FA905AE29C41F29C
                                                                                                                                                                    SHA-256:7BD46F293F1511DB821355B9D839A43E2EE2D5CD1F705C9DE5BD2A545019B94F
                                                                                                                                                                    SHA-512:17200C6AA17404DF02BF894F2575B701C03E7B796A14860ED7015BC2D4D2B9A0B6CE59079A9FC159968C03772A18395F09D3E7F3211A88C1812B192BD310C42E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1271
                                                                                                                                                                    Entropy (8bit):7.838997917793712
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:dYzY2fQJlSLE4uXsNM7nNt+6DONULTisAQKLl7dKkEusYgp8iKcgNfkRf:Ejy8LE4uHRU6DFTiYaNdKAbNM
                                                                                                                                                                    MD5:1C60346F426AC77A0437B3601834477C
                                                                                                                                                                    SHA1:E3C0482D7A1963863C2BDFD9B6DFCD32DBD5CCFD
                                                                                                                                                                    SHA-256:95DE8F171E028D9C709CE1E8DC8428F6F2FCAE30B05EFEF3214FCB785E662CB3
                                                                                                                                                                    SHA-512:84AC88CFDC13971A9AC6DE6D43DBBB84933D80E8B50E5FB412F184AE312595A944182F9D0E56B3ADCC112D8D9C8CA963DF991FED96958886907AB7B40F55C904
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.846277449258413
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:8UXSk5GEBj7nYfbuPeHdxMUIzWYFH5qSLWxsa/1xMB/ikRf:8UtBjrYfbYMDpyZ1WiSSX
                                                                                                                                                                    MD5:C34FDBC23B9FECE68B23EB83DD53B468
                                                                                                                                                                    SHA1:12B9A9CA3FF347AF2D2B881543991CC538871C2C
                                                                                                                                                                    SHA-256:2C982FE2F51E2F23A127E60A9216ED5FA624DA7AB0DFE28E15AF54D13AC9665B
                                                                                                                                                                    SHA-512:CFE00B3AE82F7779D54471CBD8EC564727B336E755A4FAD0AFA82AD5B07E5C8FB29E8304B222BB4E5129C3CA02D8436853F62FD163E199E2629BCBD4C54A0DA1
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.825603164471908
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:zJLuAvug0OVXTGvWb64IxHeXjR+gYIp31pAOyJDbbstlqVOOkRf:E1OF3bGwzYgT1i3bC
                                                                                                                                                                    MD5:C2717DEFB9945A45053C641CF9BDC9EB
                                                                                                                                                                    SHA1:43E0901E8D24CADE3F0259F7BB5F0E9B34F7B8D3
                                                                                                                                                                    SHA-256:51A9F94AA0578E284F4A4DC277FA2F503A4A896E4BD02CF4F9416178390405E6
                                                                                                                                                                    SHA-512:4CC889C4A8873AA1C530DF89C031775F1803962AA1ADE3D97C58CC924F311A8A550FB6E6607C877F0CCE3AE36B11211D3641C76C781B53DB86DE13082BD23317
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.839567564517203
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:MG0TCyOkNGfy1+b7Bxg47t/zVLXqp62jrnPHx8Gw0Dohr4kYnsBPpxkwMPhQKkRf:WlOYH0Dg4Nz9Xqw2jVpYr46GfmV
                                                                                                                                                                    MD5:50F6A1ECE7FE946227F1D0DE2331A774
                                                                                                                                                                    SHA1:872CF4C81CA5787C205B099DA06A385F6063097A
                                                                                                                                                                    SHA-256:0D86AAF15E4FB17173D355E41953745B1481DFBE86B3C63612B11F0333796660
                                                                                                                                                                    SHA-512:7ADAC44F255FB92FF48D549D034DD677642EE994326352B2D90ACF9AC715A122957088A7BD48CD4FA1C09305EE5EB9ED55618B1C16B11DC1110358F466A420F9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1274
                                                                                                                                                                    Entropy (8bit):7.8591755469163305
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:7zVrS0H0Eb8CMr7//LhO4uz/Ph3+QJMIcU/EtoAd/zv8rMZ7rVP5Xsc28IAkRf:7td0EYCCLjev6IPkoAd/z8ru/l5XsF8i
                                                                                                                                                                    MD5:B57EADD3788985AE4E513361B5303E84
                                                                                                                                                                    SHA1:B8E873CCDB466606816066DF1E9D103CD89D20B0
                                                                                                                                                                    SHA-256:FD30B13CDDF8D753177FF085DDE2A1372434B9C823D8F7F0E959474A3FFB4090
                                                                                                                                                                    SHA-512:141A4117A5683C448D307817FA5B4462CF67336A7C7E4624C621787E2A7025FADD3858270E8DA5BDBAA0B25C3FCB9E08297D4FA01F1A645E7098AEC70E1123C5
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.8345521086952745
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:cZJ2AqEPtVpEPR60GqYOKN+qI1QfihktaBBlHEI9q/XVg2wjkPHkRf:kIEPtVQQ0GqY9+/OcBDoVgV2U
                                                                                                                                                                    MD5:096739C113269325E89E2A33A8FFB09C
                                                                                                                                                                    SHA1:A858EFA1877A4A4CF44396780938F18795EA96A0
                                                                                                                                                                    SHA-256:4FEAA02F727E976BF04618CC3B4BA9DF7834F72715CB1CACA970D586AD0650C4
                                                                                                                                                                    SHA-512:850F9FD85DF08F4717D5AD1AAC70061EA5C5C94F902D33AD71D2D6FB53C972890103D4450202F477179CE9709176033E87761D1B94FCEEA82C96705517BA7B92
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.852871619232954
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:YKlgK15TbU+iUIttv7UIiXdjjXoSlUujyyNg0NJP3/9QOvG3PkRf:Y8gWMTtx8GO5gOCZM
                                                                                                                                                                    MD5:B3DEE18B0F07C6422F31301F6C1663F8
                                                                                                                                                                    SHA1:841F8C9DE3780C7C3C93995099923DD92DE868F5
                                                                                                                                                                    SHA-256:90409E5779EEC83101EEA365A0A0AEDBB3DF7494878444CE09074D11267409A6
                                                                                                                                                                    SHA-512:90EF586E23288F1F7EE6CC4332DA853B1C603057DE9707062925B789FEADE8AFB87529A3BAF2EE5CDF8A443533213F32DC45B184D06C32D38E1BAB2797ECEE13
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1271
                                                                                                                                                                    Entropy (8bit):7.843914078957275
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:sgP6tQiKUhy207D20o6KOZVXVcc2iZ9evvPe+Ws558KTUkRf:sgP6tQIm20o6KOL2c2iZWFWsnP
                                                                                                                                                                    MD5:6B80EDB49AA43C9D4934E87F8809226D
                                                                                                                                                                    SHA1:DB65CA6E8E89C244ED43AC767447D8F31AD332A3
                                                                                                                                                                    SHA-256:C186B7CCCC0A3B78AB76AB3CDA8482CE0B2889ED4DFD95214B4AEA56C73F31DC
                                                                                                                                                                    SHA-512:A7145BD5D3D9ABC55C122E770ECA1C44A89A417A0BF67CD59F60CD2BCE459D2007E9EEEE71A056395691CD6F4E38D3B7FF059547DD6C83BB8FE13BFD744247B9
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.850073107500927
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:lfxsQgyQskhQYUJD16+f2LA9XKCzzZjncuBucSrJGInpXPvh0LfkRf:lmPyfkhQu88A1KCJLcu4NVCo
                                                                                                                                                                    MD5:8095E04AA8DF60B71878F636CEE16B41
                                                                                                                                                                    SHA1:E76E9390F2D072E99E700F514203338C6856D1DB
                                                                                                                                                                    SHA-256:B92580F10BC214AEA40AF3E25B2ECE9B0B973B65330193B39C3D0908B05C8680
                                                                                                                                                                    SHA-512:2D1ABBC3FF88277F934F94614D92F548EE6847D3064429E5072689972172330B34534821DAF5047044CBADD4B2805B8C7DBA631A955E9A61BB779253D2E099EB
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.84798213368065
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:Ifm+CSMrRFL629uOT6d1zyWJf8I0uZi4ykRf:j7re29b6d1OWCuoS
                                                                                                                                                                    MD5:75E2F4882CCAAB7D3F6677E7758BDF80
                                                                                                                                                                    SHA1:187C95C477D579C04788D75F9537027849E0BCB5
                                                                                                                                                                    SHA-256:CDCF28B022298B3C6B348F4DF4C3C639EC9F9BC8F4B1A62A41BC2FD65FA066FC
                                                                                                                                                                    SHA-512:80DFD5A63ED2FC52CD903A205364700312E8482865257DE5B7C3C3080738DE8131D420874413BF6EC00AAE6FD0B7B2B6C5CC9D4C95DA0858D35A72921885A0E2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.8253364600728235
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:BJ8XakPu60O1HKrWGu8TZv3WjuwAVYROF4NSzcXLeNGc6KXNYIkq3kRf:BLkPmO1HPG3Zvuuw3HNYcXLe8czNCqE
                                                                                                                                                                    MD5:0FFE8C4731B73D5123FE4494BE3A788B
                                                                                                                                                                    SHA1:40576DC9001F6F843D6971E40820FA8A636CB830
                                                                                                                                                                    SHA-256:132CE605FC20595FDB839D20466A715B24A631A1B4C2E8F8CC4E9A92F69177D5
                                                                                                                                                                    SHA-512:B1F988125340E6B7C3B4E883EFD9DF4A9B83A6E6B2F4DBC0BACD816B6B720C60CA97CAD95480E8AC9979A35292568A20A480F89B75551C157548341D2B8D469A
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.83384555443972
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:mtzgR+ztEUJ3RsxU68JIzJuQzUuscsPVGoKr6Q4RMkN4AkRf:mpg0ZEUeU6H3UusHIoqmN4L
                                                                                                                                                                    MD5:8A8F535DF75C6D0E5C7C41215D610E2D
                                                                                                                                                                    SHA1:D7D426125E5D125DFBA619358272D92E6733525A
                                                                                                                                                                    SHA-256:D746CE7568AA5D05222C1DE83209AB4F5B4AF26E235776E88C981BB9CEF3C48E
                                                                                                                                                                    SHA-512:840DCF68F7F063A664F61434E38F4D48642E4D806756F1B38ED34F30E68297B9ADF75CD69FF7CB62C7E955E978B5CC76B23BB2343FA063EA72319C762FE24CBD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.859166280957768
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:ZxG26DmnovLE1tDt3phrUuisAvyfYS7xvMoT8KXcwdoIBJ1cjrSdKkRf:ZUmn+LE1tDHhIumoYmphTNMpQ
                                                                                                                                                                    MD5:6BF66C45CE6DA4AD24598C28C6EC25EB
                                                                                                                                                                    SHA1:5CFFF5CED230D3E9D6AD22004E5CF2869D8A9E3B
                                                                                                                                                                    SHA-256:FE085D997125511945F3E7F1A6176B8100026FB5CB454F92B9D6B5B9A0666685
                                                                                                                                                                    SHA-512:DE385D7F4B9C1BBB56AC01D71723CDCB0E2A6143689A047AB0C7231402D7D948E7EA0E36E3B76EBDFD058047AB3693E86B9485D994C44DCEFC24BA19BCAF2F0B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1275
                                                                                                                                                                    Entropy (8bit):7.8456565201282675
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:/O53q0uJ5qfah5OBU3vwRy/BNCvQCAeUCrA3aYyl6DE2MXbnr75/kRf:/O53q0u7qk6nRbQRE83ad52MVs
                                                                                                                                                                    MD5:4248BF9134D072F972A86273905104FA
                                                                                                                                                                    SHA1:1FEBDE1937F0BB556E963AE1FA00B0A2CDDFA732
                                                                                                                                                                    SHA-256:971F430627F255D94D2EC22A5B2AB905451181ED5B1CDB057F3B8F88BA12CDF7
                                                                                                                                                                    SHA-512:84B0F7E38117047A4B1615D44569A66BFF7DED031EEA5ED78A8ABC1BB08B71BFA19AB9623A4FD60E6D671035AC940EC566CD11D35A2A4BCCDD3A7D9B70282C1C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.867868930503515
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:8Y/9dj3Hk7Usb+4K78MOo7B/XiKUfwCGT/POkRf:rbj3nsb+4a3l7hi7G9
                                                                                                                                                                    MD5:F8BF881363CEAA33BB87D21F754B1077
                                                                                                                                                                    SHA1:0F96077E23A0C3653BF9D30E5B81B507C6DA58C8
                                                                                                                                                                    SHA-256:45432D415CE6152FAE538EF35B9929E04CBB316177CB73322E5ACB19A8213CC8
                                                                                                                                                                    SHA-512:97B935A3926443BAABF82C5D0ADD7C635802F266ACADEE7CA6421625143D4D95642F97A57BC26A540D5CEF834555747A22127E75E98344D13FF084A368655165
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1274
                                                                                                                                                                    Entropy (8bit):7.815122286721129
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:0Ns+5n9m4CCYG+u4bKXGBc9c+vj/AwqWxrTcfwOBfmkxRK2+r801sKkRf:0T8AYGEKuc9c+jAwx8fTflf9+r80M
                                                                                                                                                                    MD5:C2EFE4446F2A40E1A3AC4A491287BDD1
                                                                                                                                                                    SHA1:4AC744E620184FC718B30BA23A737D67188FCA60
                                                                                                                                                                    SHA-256:AE2CB52E19B44B786760BD935E29E0F2E67112D0A8BDFEE7A3847C9792CB8C0C
                                                                                                                                                                    SHA-512:C23A9D1607905F5B6528B0C17C2D554DA045959E2CD656F3BF303455D12DDE339C1D195A00CEB251438EDA085DB64BF1061E771F2BDA8442A6ECEE3669A072DC
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.864202923337415
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:DeubAUyur06NvzWf1sW+Szyn9lJiDkxUCf9oXQjDWbXT0BOkRf:DeubVrtWf1z+AhDmoXQCQBZ
                                                                                                                                                                    MD5:AB5DFAA4BA2F4769CAF81512B95703F3
                                                                                                                                                                    SHA1:C9EC38499EB65FE724E048270B259AF7F6A82042
                                                                                                                                                                    SHA-256:84C004846AB27D72463FF94CCADA5E020F4B202A02882943E3BBD09AC8B18AAF
                                                                                                                                                                    SHA-512:16C7EC968BCD02FCD496D29341F6C0D91DCAB398E4EBE60C68FEB17BBCE7C08D26EF2FE38B8231DFE52CD830283BB99B859D286E8118096DDA83F0B126F91452
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.847592604320558
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:4AIcQjGDbS7aZstGoaAKyccNodzdLGYJF+VwiZ+pYxRKyvJkv2UkRf:4eDbS7rtGoaAfXOh1wVwDWxR/uv2P
                                                                                                                                                                    MD5:4CDB4038CA78D1D29F4E6C8CE2B2960E
                                                                                                                                                                    SHA1:E2A10F34E1F8B1E395D60442A19EA576C5267829
                                                                                                                                                                    SHA-256:6CE0302C08DA078097ACF634F93535EA847F6E162C46A3A1DC4B3AAC611365CA
                                                                                                                                                                    SHA-512:F6843296876CA1A36B45A3FACD6B154D57C6B6D12D57FD57A51E484E2E1DF97931CE02E1BC74868F6EDC268C7BB7A63675868A0E0ACBDE9EF600827654D3C01D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1275
                                                                                                                                                                    Entropy (8bit):7.856204393884704
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:SA+a2nHDa947ehvO+YHxUzE4gaMN8QY66qSOMYB8Lrm1OKgkRf:S3B79+YRUzE4gaMN8b6RI0OKr
                                                                                                                                                                    MD5:603AAD749D3480D2E32212BC62E200FB
                                                                                                                                                                    SHA1:879DEAF49A9CE2D2F2DA31FD527568EBBF61DEDA
                                                                                                                                                                    SHA-256:E9D29399BBA437096078965664BF800070ADA94BCA238E366DA77B9DABDDF30C
                                                                                                                                                                    SHA-512:7F045C122264140A2DD0FBB752242D3678699B0BEE9649967D1B2921FA47E3E888ABE993B88252DD973D7DDAA4C1BAABC6F8E6912105296DCB3F342BC8833726
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.840035971173466
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:TindACgT42mOOJJ1vvoe6e3Y/NuOtMpuUO5THIOkRf:endAC4UJJH6JFuGGebIZ
                                                                                                                                                                    MD5:60101244203411179933EC9F641F9FB3
                                                                                                                                                                    SHA1:6C2C7C88B77A437B756F5F46F8BAF65ED9FDE118
                                                                                                                                                                    SHA-256:612BD301D5211E60A6D1FE8C197D09268059E963C5076EA417C438FB6DAB6F4A
                                                                                                                                                                    SHA-512:42E049C20D06017D12EF615BE1733442499F150058E9326BA4195AA0C6EDF1634FE813E1EF90FB94C133BF9260EB092DED74E47CBC8279A7A1FF9E8604000D43
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.826349571900243
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:fpysbHwVj7ZlVZC6cnZ2yDUbFaE5xNJONzTpyA41alFMFDkRf:RysbwJfVZC7nIOZE5xgTpyIFL
                                                                                                                                                                    MD5:4BFD998C349CA456349DCC02DAB5DB73
                                                                                                                                                                    SHA1:F6B5DEC1BA2C4682DBFACF1749A5848ECDAE3360
                                                                                                                                                                    SHA-256:62256B1851303676442378A26E39BF8F7B9471F2DF27CF6D8CE26B420590E93C
                                                                                                                                                                    SHA-512:E69035FA8B9B7E6255FC07EF01E97F5B12BA931EFEB2264EB08E06653FE80DEF49C0586F97D3357EEA01E1907AB2034A35B027DF02384732FF786187BB08FE58
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.855231536685201
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:hR4pUT27R5jersvp413bOHBLx3k8k0vW9J73NYdLlb9ly2DtkdD+L9bQlyJOox70:hR4p42vjen3K9BdW9NdYdLlp/udDobQ/
                                                                                                                                                                    MD5:5A0A4CD9C66F33EE82D746EFA59B9597
                                                                                                                                                                    SHA1:CAA4053DBCBAE26C9029098F8F2CD7F5E01CC815
                                                                                                                                                                    SHA-256:E7C685A0D336E41747A6DBD561C3A2130542968B9A7AD30E33BBCECF50237106
                                                                                                                                                                    SHA-512:9F3D68C604A36170F6A6206FC589DA38DAF1370C2F20FE75D88106D55437391419644252226736F03AC8DE51DF9B5FEB2A787C3C1A868174C76AF0E97364DF62
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.824757595591978
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:QP5CW9lWrigNTJq2HrifoA45aJz9ruIhCDpHJ0U3lhfMkRf:YCW9lWvpJq2LocMJz8uCDpHRlNH
                                                                                                                                                                    MD5:794C8D96906BBFA305BF049537F6BC8D
                                                                                                                                                                    SHA1:A6067E7C23BEF44958722187823790992AD2CA1B
                                                                                                                                                                    SHA-256:EF46ACAA093AB911A37C24EB7AA1A151B05F678D8D7A89CDED823E88B58AFD8C
                                                                                                                                                                    SHA-512:7F7FD3E97420D365F66017371586328F76C2718A23931CCBD7950E520244CFE2EBAACB1A5A69BDF7486A3EE761E3A7DB57606E3F5B9BB55AEADEECF08B4C8E20
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.831410780935683
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:eCv3LxloCXI+27XWK1udj2q3Ty3Ud735UjXKkRf:eCv3LjovTrudSYTyO3eTV
                                                                                                                                                                    MD5:39B2F9771568C3D92ACBE94172F31CBF
                                                                                                                                                                    SHA1:79384C28B10585F9EABE21D34FF14F5E4D361448
                                                                                                                                                                    SHA-256:9930D3F55419F3C6518CB99531E37EF1A922E2E6CB9471EDB88D27AA554765C9
                                                                                                                                                                    SHA-512:99A1F4B8A547A32CE700848C838F9739C568F31DFB0C6B8C47C22BFCCCA5CE71E401E7E27B839E33E3DAEA22536259B682EDCA1942E805A7ABB452FC65197BBD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.834259322545239
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:yxwq6R36yweXmFts+gnH/ryUzODzDwV+c5CtS/8EUUjItrAKkRf:yUR36yrXmmnGfnDwV+eTR9MrAV
                                                                                                                                                                    MD5:51387BF7618AFD94AA5A84B90A818D5C
                                                                                                                                                                    SHA1:EA031174CE1A7A43554BC976F7AAA833C9B10A98
                                                                                                                                                                    SHA-256:6A6DC118E35B9A9DB70D4432312E0D18CA8DB8C8C052B8C08377F642CC9554A1
                                                                                                                                                                    SHA-512:0269E87DFFC248FF5585BA1AE2302E9C1AB4459D6D3E83C0E27A78FA8E35F5633B2C11684E130858A74B8A2A649FC0F6861E59B6D48A6517F8890CE930A81C0E
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.858766817584554
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:DVl0Cx/pvgHSvNT5LS+70ONkHy1Nqr8K9sGYruoRlgNd1DGCxfj+KieLkRf:DVWS9gyFT59zNkSjuZ92ruoRlgr1DGCO
                                                                                                                                                                    MD5:7337649FA378A21B0B7A25AF85772747
                                                                                                                                                                    SHA1:BE096EB1FC2CBF3953B3A470583C769FF278E521
                                                                                                                                                                    SHA-256:281ABC57A5B564870E750CA4E4FB1D6BD71BE04DC27CD7FF142E1C67AFFFDB2B
                                                                                                                                                                    SHA-512:035448402777795322DCB5B3285748F1DBBBD64D96195A0F501D39056B2218029AB5DE4006B884ACE4B94236DBDCFC18491E029DA7970BC05413A8F97D6A27EC
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.854343697607141
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:Z/8RS9KJt/NsdcsHstq6TRNQ86BqQE4kvSsGwt9MqNMlwA/kbjf6QgkRf:994HwTHs3NNHQqekrGwt9Emr
                                                                                                                                                                    MD5:A46DCE1CE8F4CEC2945F76C9EFCB7A6F
                                                                                                                                                                    SHA1:95A1FF29745632FD155BED8AE2F4D7314E5F184D
                                                                                                                                                                    SHA-256:36E9CD041F0470E7E2DA027E3B2359507789A5B21C29CEB36CAB2DB01FB87782
                                                                                                                                                                    SHA-512:9F13B4942D3AF9DF79603C74615802C9E6172ED3F27D50967D5BF86F023D8CE27E75F3E6F9BC9B45D52CF1747A0253D500CD30C72E77E626197B439CE8D3A18C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.814543032580602
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:FFIcdWEsdUZx19Vq1tjS3Alearmxbtxb32IamRlZlcO67wtWtfk7kRf:FFbDsdUjYtu6tiL329W27wIfl
                                                                                                                                                                    MD5:08D16E6E7A9A8C630EAB2DB1997DDCBA
                                                                                                                                                                    SHA1:6C4E9A44DA9B92C81755432175853B6DEAB359C8
                                                                                                                                                                    SHA-256:19949A23DEFEAE7007003CE81A69F0FB323F6FD7B0A4B21982C26488DB5AD3CA
                                                                                                                                                                    SHA-512:9C6634E000664F9B49ADFF4A53EFC86242A7D52AE2802AE664E6CAFDBBA33B8BB245443F474AE61F213924C051CC8118093F398D34E2A531D7FE00A1E5177857
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.843368989334219
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:prZVLe26806LLUGzJts7jPEKOCUCGBwaZFCb5h2LEPewmkRf:FZRe268xLUdMLCZaZFCbU+
                                                                                                                                                                    MD5:A601D27737BE96309E5DA81309D2AE54
                                                                                                                                                                    SHA1:F82A7DC5B03EAAFE721BF65D27CDF55F00E19037
                                                                                                                                                                    SHA-256:94D381C6A864EE1FBC82598195676DCEAC7D538FF1CDFCE1DB682270C7DE42AA
                                                                                                                                                                    SHA-512:D19866BC9A6DC0A24A9B8F455C2A775EFF1097C55FF1AA9475953550522AD0B3539C9C26B02B1AAFB50DA55E12F117B8B9E89B12C73C1ECED26553CA66AFDCD3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1271
                                                                                                                                                                    Entropy (8bit):7.8285235330127945
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:8NxAGl8bCt23b76324WlmjfcvrfJMPBujsI4wRzhE/5O558mFuXkRf:sxRHob7w2VqEvzJgBBwM5OVIk
                                                                                                                                                                    MD5:A46EB7999EDA4D5C691B44B0864488DC
                                                                                                                                                                    SHA1:C770CC255C82B8B682A114D9C79E7F6F279967E1
                                                                                                                                                                    SHA-256:73AF66D1BB1D02E32064F914793F167FE7C87BDF9B9206003B6FDCB7C97684AC
                                                                                                                                                                    SHA-512:F0AAD25F7C235E509C04B31990E5E9C6DA8FC6B422319C77FD10EDEE225E519B1183017F2EDEC286229723E346C002FFBE2E528663DD0A02ACA9E558EE71F7F2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.854921447322496
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:FxM43MbjSTCzXGaLVDx2n2n/Y98pYR9KkDwIn+obTYlrIiM1jcmcKkRf:FxM43ceCiaLun2n/YKEw3InTbTYl+C
                                                                                                                                                                    MD5:C4E3F755CFDA4566F9467375450E452F
                                                                                                                                                                    SHA1:E8DFDC4E21AE81A3ACAD3786ADB6B332C3A20921
                                                                                                                                                                    SHA-256:4D928F260F4D1CBDFA89EC5C5C5124A5136E797848DCE6E716D58FFF0D5BB331
                                                                                                                                                                    SHA-512:C86E201DD37DDF3396B75D1A045D0A4AA09FBB3B51DD313EF96399AE72D127D4CDEEAF7FDA4C77926433202E9C7B5D91B9067AEA0265A2E2D3552CE2F70AD410
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.851639151258456
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:U9UT6yq/husOIbr2YjcERrEAckKAl2JSYaPBSUj9qJ92UkRf:UOTdq5LhbXgoEAc/SYa95qLY
                                                                                                                                                                    MD5:C28B801F0B40210FF40403002B06BEF1
                                                                                                                                                                    SHA1:566ACB12A0D0A11795028C128BD6665C73D2FAC3
                                                                                                                                                                    SHA-256:B9C8FE81D14AA37E91245F38BA49389FEBB16C7A63F59CF0C8B77B4270DBD947
                                                                                                                                                                    SHA-512:67649E5057D0D237EDB58F931172B53F12B1E23EF5897397B8245AED90AA3956AF1602388BFDDE7585CAA13A2C24CBBAE5E7E6D328EFCC9E6070304961EF9607
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.858512260034711
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:r02V+Zii8lRDMGdscuaw5JFrjQbhXov3TMM9j/wQZFenYJ+awkRf:h+V8lxjSLf5JFrj8BK3b9j/nonC
                                                                                                                                                                    MD5:69B65CBB6CA6FA6DE85BF842C6218EE5
                                                                                                                                                                    SHA1:B939BA303592EBC7D57C12463717D1EB88F52BC7
                                                                                                                                                                    SHA-256:286675D897881314813306056C48538C24496A2E07DC687C9EE3066A3A426310
                                                                                                                                                                    SHA-512:EC3BD24BF5A9120F4D6333B3445785425415B279DBE44E75494A5D084DF910C81AAD2B0CB20815B03B34072E0F8BD55ECC6E4D737A56886E63D9A9582F6D0A05
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.842747826569365
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:fhqHSlFXJcuRil7sKqD0upwEPlapEj6EFkwOYPy3l2iVSGdgnVkRf:fhC44ue740uaEflGLY63l1Lyni
                                                                                                                                                                    MD5:28CC62D0529B2669DC90C4CAB8F44A6C
                                                                                                                                                                    SHA1:A742E33E1545C15CD23436018F571F4F6497CB0D
                                                                                                                                                                    SHA-256:70CE04B82EA87306D5EC3EFD740B1B45823107309DCED7E9811175DB56B373A9
                                                                                                                                                                    SHA-512:2CA991E18153E7CA576234FF1D7EC29E0712847855366683CE2C8BFB93FF791D246CBB487C51E8EC5E5F63736596222E160044C004725C581AFBC10C9C3029D2
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.852181059293891
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:nbiz+TeSMhL+JSSdWHvycgXCmdKKoE931dzi1wQCA6D3CUbPkRf:nbdeSILUdAvTwZ93PQ3gjCI8
                                                                                                                                                                    MD5:43E4429FE5CC0BD9F72B763456EF964E
                                                                                                                                                                    SHA1:89D3564542FB793128E5C92163C3939B5FFFE459
                                                                                                                                                                    SHA-256:05FBFF6A9E331AE0B3174C8C3518F28AA45F8BA28C0FC216BFCF780C317328C7
                                                                                                                                                                    SHA-512:7E96A2849D1CE86853E23702C6487D1EBDC0D2C3EFE3BA3A724F08EE1F7E881B9F03F4354AC5FEABD2B953C92B6AA9B5203F44F592731DE2788FB7C8CA546003
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.832931806923739
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:IUvWRiri4UKSEWIoF/uLckql4ThwGIeAtRKMwBZdWSxPBG7kRf:dWQUKh9oF/uokC8RPt
                                                                                                                                                                    MD5:0EE7183A23795C707DCA3065C5EFE383
                                                                                                                                                                    SHA1:0F544FCFDF48C27F79C6E9C23F9CF5D8FDC1B6C2
                                                                                                                                                                    SHA-256:D3B037DE35F2EF778E9DF266E989955EA8AF1874091998E11542A170EE841B66
                                                                                                                                                                    SHA-512:42A4986D548285CC0C20F577CECBEC4B718701A1645571D630D88B635D4481C89247EB1D5DEF747DE61C0F26FD36C95D8E33DC8A79EA565D4BEDF20742BDBDA3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:DOS executable (COM)
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.806122283065023
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:VYC4o9J/YpnYOzb7VEIt0LYznaT+4l9IurBQ5cWAhFA7gEo2fDeBnlVOkRf:mC4ChIzfL6Y+bcurBycWAhFAyBnlVZ
                                                                                                                                                                    MD5:DC909FA242E9C3EA0A06B29CE2F8EAE8
                                                                                                                                                                    SHA1:6529C698618C4EB9FC251F055EBB442968F874F0
                                                                                                                                                                    SHA-256:70B5529DD2E9FFAC1BFF6EA34DE48FA7152EFE4EECE1A3A0CB817DCD1BB44A1C
                                                                                                                                                                    SHA-512:EB624086F210952F7AF63BB929D832868871367CFA7A42BD71ED022DF7F4AB556D153B002123B3E837135A5DD32CAE42242CA5677E00CAEB72CAAE747DE6F250
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.826800317121633
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:zY3AU+7cz0tEwSWI+F+jPJAKNWYsjH6/4KUS/bmn7oK7kRf:Ms7ZWwBI+UPJAPJagboX
                                                                                                                                                                    MD5:DCB2E048E675725F7FA32E86865108FF
                                                                                                                                                                    SHA1:36D229D61E13490F9918997A351D8109A132F839
                                                                                                                                                                    SHA-256:F8892C672D00FFF86B753EB6DED1E5114A640B37244EBF031461B414E1DB9004
                                                                                                                                                                    SHA-512:75B67E0F643EABAA1F529C32907738B9797B2B9844FC16A0504920630ACFD3A4A06B9E3105A5916B1A0D52424A04151E05F8ED139893A51A1F2445050A6FE528
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.83641736269785
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:YEunzGPTFzwgEk0AI+0rZLLk71atahluW1Go2tURR2jRuHJ2OLx4+K6djRMvbQTY:HSzG7FsgE26+71aSN2uE0PLx4+KwjObb
                                                                                                                                                                    MD5:5D5D569C0F02EFE725444149E2AAD4BF
                                                                                                                                                                    SHA1:6113F6385BCFF97AB36B8446A6A010D4918BB18F
                                                                                                                                                                    SHA-256:2500FFEB0DDCFFE0B13FB20EB8C7FB36A77E419E3F12F540923DD9B846D9E58F
                                                                                                                                                                    SHA-512:AF7A48C5960E6F7726B22514D616029126D102205EE742A927CCC9286B6F650D0644F05C0D4AE1E663CF2B9F135AE6109CD5D3F7340749392571A814BC96E295
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.84623261930484
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.8318342583375955
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1271
                                                                                                                                                                    Entropy (8bit):7.839626789303985
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1271
                                                                                                                                                                    Entropy (8bit):7.838807120866417
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1271
                                                                                                                                                                    Entropy (8bit):7.866657120673097
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.833109835251868
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.835522870827269
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.84368242521219
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.813637922666338
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.841295271303159
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:GkKcJHpRZmnCo3LBX9TQuptm9LlzadCdawhXG1yGHpfytkRf:ucVpRZmnCkBZQNVlzW14IBHpfya
                                                                                                                                                                    MD5:95C31F4B68F9D981D746452368CAAAE8
                                                                                                                                                                    SHA1:E89FE53A52BF0B99CC6DD27B32FC99447B00C1FC
                                                                                                                                                                    SHA-256:520D5DE24B1CBE4352703AE0E5C90D7F17252A30CB406FABD4AB40B04BFD2C99
                                                                                                                                                                    SHA-512:385804BCD1F0E8FEEE6C6B82D62001ECDCD8961C58EC739943CD1B7323ECA850AAB248C0E96C1B9ED3D286F69DBB42FEC77802E5850FF24EB318323233558254
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1275
                                                                                                                                                                    Entropy (8bit):7.84328085990498
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:57DEq/JqDs89orfdG/C6p/9/ZvupEfWfrYqXUe9iX5kRf:5XBhqt/9rf9qEe9iG
                                                                                                                                                                    MD5:ADC711FDA5FBF94A5114CB8629958E64
                                                                                                                                                                    SHA1:43C30EFB36BCEEA281CE9FC74F2BB1EC8B5664D5
                                                                                                                                                                    SHA-256:B6CD5D0991FFB23B77EE6D5CB7F8DF15125F7F70C468559BA3D5615F9BD0B06D
                                                                                                                                                                    SHA-512:359D9DB9E3506FB346A0BEAE5D7B754EB6304CDD65ABD200D691A0DF843725BE97C4E2C0D1EE237533D0252B3F32086F0B5CA0B9E543158D3E9267FF0D506D05
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1273
                                                                                                                                                                    Entropy (8bit):7.859415254326701
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:P7e1m914YMqU5IzDRJdBKDIqCjdVFNZQDSedMTYeIJ5p4KxKkRf:PNv4YiIzDRJACZUd5qe
                                                                                                                                                                    MD5:484768E2D3EB7B9298DFA7F0CFF95E9E
                                                                                                                                                                    SHA1:80F67754F2595F67984B96158324C37596906C01
                                                                                                                                                                    SHA-256:DFB6ACC130D6C6AD73F43CFF647B931E694C689F5CE0F0335FCFD0CD40219D19
                                                                                                                                                                    SHA-512:AB495EF90BD20DB3D82DDA1265692E80AE55F5FE36D4848B1E241E784FD8DD6DA40479974E21ABF098A85BD439FD97157507137C1780BDD9318DF09A25A1E2E6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.848887962777633
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:VEk39NZNaKKOG3E5IaQ/e0TN9w8CdunRNcnDuYzkRf:VbtNZEJOgE5IaQ/9BWREWntQ
                                                                                                                                                                    MD5:BFE0C4642445E7B123CF50546A485837
                                                                                                                                                                    SHA1:15DBFB24B1F3F828E8913F8E12FFA08291A513A7
                                                                                                                                                                    SHA-256:BA5A3277855076687AB7E57B6BE06B1E860823E9BA2E46B1F70344175577931A
                                                                                                                                                                    SHA-512:8EE6702798938CB6AFF2788EBF47572B9244A319D99AAD479E404DEA529FB6E7FE8D5359D5C0BB4B8CCF8FD450C9409065F7E68B45E06D45D97920B31C070326
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.812503130087354
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:zBM26rjvsjWZBc7MShDGZUZM6/vaFHQqUvFTtReGl1VUkmUjReIWrkRf:tMlsyZBgMSCU/v+HQqUvbRVrfQIWI
                                                                                                                                                                    MD5:DC403023F05ABCF363A44C273A30E046
                                                                                                                                                                    SHA1:D63208745142A8BDC6F3289A758E68CFB8973AB2
                                                                                                                                                                    SHA-256:4B91FE3190E5A3C2144C8335BDBCD04303B83C61E4C2041396F5C9B55B22F5D6
                                                                                                                                                                    SHA-512:AA2700ED0F46299FA6596B493BB17FBE7C8D06C99F5D12EABDA7FA7FE82D5B2B368B70DF33FE242096C4EEA60B5EA0CCC6191470A6F5B4F9B44AE8C1635F1E27
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1269
                                                                                                                                                                    Entropy (8bit):7.820319019736752
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:WzJNoi30oCWZRVJUeVAEYn0NhEByg++D3p0orJH0k8C8X9pAblqn/QUj7+cikRf:WzJN9koCoRVJUeVrDNWBLTGk49Kwmct
                                                                                                                                                                    MD5:074DCB759261A74C56BC44EC649FAC2A
                                                                                                                                                                    SHA1:CF826193FC1F99277EA89DBC991AAA100EA2F575
                                                                                                                                                                    SHA-256:2241FEB96FD977C207C526286A902B920C6F37E8115277A02171049220BDE292
                                                                                                                                                                    SHA-512:FFD42D0E8CF8C0748BA4104ED1CA47A117C3CD427AD536E3B267EA823AA6F286C64E98A240D3D1B9F0A14FC3634F3A0EF086A50D71BBDC5907442E1B2FEC2EF6
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.84102118750448
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:l7z3O8LmlKyjljH/gMF1KdEB8agrrLMCtU9KwK5+Rb9IIk+PhpncjxLkRf:lXRmlKri4/LMCtfMR9mghpgo
                                                                                                                                                                    MD5:71CACB5B8C567086A6247985B5054D89
                                                                                                                                                                    SHA1:BF3450BC2EEC151626F6A81C069358319691F68B
                                                                                                                                                                    SHA-256:39032282770E3183E3DCB72877D3C312B7C913CF8104309A0F77CD8F73D2784F
                                                                                                                                                                    SHA-512:C31CE5EDCBE7BB5F43B383C58B5F069B84AE57ADFC9741023170EBDFF102D107B86DCC49133036EE7DCB94E41B09EAA062368E243938FDDDA201B838A3CC8D4F
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.843856177073275
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:o7RyjSvygn+VJmwRmiN0pE3FeLf6fTsQ7jHKkOd9D+GooX1Ewi7kRf:oa87+VJXcTS/7jqD+GoU/
                                                                                                                                                                    MD5:C6E87D21046CABDA63661F88428E4C46
                                                                                                                                                                    SHA1:9C59B3F21E6683FA246CF9058D52F712C297ACAC
                                                                                                                                                                    SHA-256:7E0490AA0AB2167752BBBB2D06B8B82FBA01C3CA39C4DDB058BCE58B3A3E0067
                                                                                                                                                                    SHA-512:5D9CA30653A4FC129310A95232DFA26ECA19BCBD4B7D4C04D813E18D3985BDBCFBDE1F218AE6E8F6AC1B188E224EE31AE5F90BB9D004C21B4B1E4F5D5A18162D
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1271
                                                                                                                                                                    Entropy (8bit):7.831752564140541
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:P9WdWckiBbppTXzVaWOsrU2tKSJ8G1wdKK9PEcN11Jp8wIYhbcbykRf:FuCixnVvOCDh8XdKKhEcN10kbq9
                                                                                                                                                                    MD5:A0F536F1B5FB042F92F3849237B9E063
                                                                                                                                                                    SHA1:E3FC88A9E0F4F2A053A53FD0C658C32799D19294
                                                                                                                                                                    SHA-256:FA4D2E40F60EC2731E40C82411D417C0ABC64D63E4DC9F22B67659155F10E734
                                                                                                                                                                    SHA-512:8F9502C4C0454A14D9353BC8067393B090920EE6B1246EF0B10A0BC9B1EED0EFB324794EC39FED0B996E5D897EBA59A8735C6411A121142CD6A3FC51C15B6381
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.865586648265319
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.848416124310428
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.8382425771954365
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.843955202105419
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1272
                                                                                                                                                                    Entropy (8bit):7.845022311082852
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1270
                                                                                                                                                                    Entropy (8bit):7.85672580497306
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):350
                                                                                                                                                                    Entropy (8bit):7.415151701786783
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:DOS executable (COM)
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):443
                                                                                                                                                                    Entropy (8bit):7.561652364849396
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):355
                                                                                                                                                                    Entropy (8bit):7.340404105920841
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:g0k2uuD+2AmlDJv3KuLxeLAdO4vFM6RbHu9ieSCL18FRdkctPqW7GTeDsn:gcxTDJPDL4L4zvFMKu9ieS7dkctyWFsn
                                                                                                                                                                    MD5:28EF0DFFC31281A3ED5B9DD128116DFA
                                                                                                                                                                    SHA1:72033436D60E7BB013F7A5E9B2684B547B87330C
                                                                                                                                                                    SHA-256:6672FC46FFEF60AB9FBE89130CE408D68AC598747605D44CC32EF03DFB085775
                                                                                                                                                                    SHA-512:57AA34A691B9E2DA050B35CEE09DC01768C88E7C2F11D3D0BE807D12E9CBEEF6C3D9F5E9AAE8FF90C31A86BCE07B36802C87E853E10D1834C27D58AC5FA1C58B
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):347
                                                                                                                                                                    Entropy (8bit):7.42328187402375
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:C+rxnVOIsgW+OA5JUfSHWOofuqozyu0eefW6EcP9DBzSCL18FRdkctPqW7GTeDsn:VxVOKP5JUfVOc8yukuxcFDBzS7dkctyf
                                                                                                                                                                    MD5:08B8406E4B12A588E4F82C9D51633D21
                                                                                                                                                                    SHA1:5BFE3652279AF066C4EE639ED8DB158A28A58C8E
                                                                                                                                                                    SHA-256:BA3821305CED34F4717451C6B4C55FA43941684B683C15A5A4DC253E301445D2
                                                                                                                                                                    SHA-512:84FAF64910492A79771B518906F268EFC240EFEB0F09F6B3FDCEAAB9F173E9B18540281A419A8714FAFD97D785694C93774CC3C6FA8D9FD3AD8D34F0C3A19DAF
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):344
                                                                                                                                                                    Entropy (8bit):7.354036975617422
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:eEu2qYye7jccif8VtY0PFbauyYszyBVzQsUjkqbBxzSCL18FRdkctPqW7GTeDsn:eEuUDe4tnYO/jdsxzS7dkctyWFsn
                                                                                                                                                                    MD5:0B23EAB572B312665D4F867BFC2DE7DF
                                                                                                                                                                    SHA1:55E8E57B2DD11BC1F89BF2FCEA746EE994C9D6A5
                                                                                                                                                                    SHA-256:E2B164CEBF1AC0578E08B96A9DDBCAEADC14386121EF1BE62802D8E95049C244
                                                                                                                                                                    SHA-512:A2A9353F9D5A41537CCED55FD98203028A74E164B42E31364ECD5CBEECE14BAFB6CF50CC295CC9478BDC51DBF35C04A9585CA8070069FAC34CA06984D66C92E8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):353
                                                                                                                                                                    Entropy (8bit):7.3585957460614395
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:SEHFvo7Wcq2/mmkuhYktrwrIMMJmaAiVCCHSCL18FRdkctPqW7GTeDsn:WqWm4trwrIMMJ5AwCCHS7dkctyWFsn
                                                                                                                                                                    MD5:9C1550FF8BAF47B96174DB0E5AF9F3A5
                                                                                                                                                                    SHA1:432F98D7CD5BC29A1708D4943C949ADD57FA73E4
                                                                                                                                                                    SHA-256:93E85DE086343686C444EE7C975EE4EEF133CAC9E1AE68BABF4E5586615A2EB6
                                                                                                                                                                    SHA-512:BEBD5C59C77704BCAED7712381337A725BFDA13420ADB6CBA51F3C7BA9952E3D80692CF87822DA1E9DB63592B910B6130D17FFDCA67D4035ED300D56D54F6F11
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):349
                                                                                                                                                                    Entropy (8bit):7.341996471400385
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:2+cQj1HI0Fg1TtkEd6+FQe5Av5NcATG5XGpquSCL18FRdkctPqW7GTeDsn:ZcQxw1xkI6+FQe5Kze9uS7dkctyWFsn
                                                                                                                                                                    MD5:7770FEC72ADBFCD4F3A579188FED5291
                                                                                                                                                                    SHA1:6E488F2FF9693D35E21FB9BD34708438FADF4992
                                                                                                                                                                    SHA-256:DF2C0EED64B39C1D0652A8A9438857704234FCFA015CD6D66F8DF7206EC42FDB
                                                                                                                                                                    SHA-512:12CB807201C9FC5B416EABD4E42DAF48D03C4B35F261DBA192ED2E379B205D78E3AB228FDC5103CB0C34C464100E255D9A050877C4068AF8524583110615BF8C
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):350
                                                                                                                                                                    Entropy (8bit):7.408866756243304
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:D8q7RdKupxveb7v5Ny+ejoK9sXmouqlSCL18FRdkctPqW7GTeDsn:D19Uupxvezy+dK9sWo1S7dkctyWFsn
                                                                                                                                                                    MD5:E45C6C2AD96CBB240FE64BF4D0C07582
                                                                                                                                                                    SHA1:C870C3A76F5A442795009BD42602691D949C264C
                                                                                                                                                                    SHA-256:19D04DA520BB6E533378BB63403C929F1DA066500769C55AEE2211D2CE5E9C13
                                                                                                                                                                    SHA-512:B6F2D0E14BC87449234F01216C8A33E5FB85B623FB99EE295E34D8456FE4EE1FA82C423FC7051C69FABAEE1C86EC4B48D90559C1339CE3D9C5BFD1DCCF7E6130
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):356
                                                                                                                                                                    Entropy (8bit):7.3324064042533434
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:oz1Iejhf8sJ6VYOVG31TBfZnaVlC3K9FzjEQ4kLrpvt+rB/8JeSCL18FRdkctPqf:C6S584dFTpZeliK7GkLdkrBUJeS7dkca
                                                                                                                                                                    MD5:82CEBFAC6F2E4680C423B74B64FECE1B
                                                                                                                                                                    SHA1:87F6FAC6908233F1DA24B66E3FB9A518E4BF3263
                                                                                                                                                                    SHA-256:407418FFC4B92DFBDA9D8D2C97CF2692A32213EC66312AD73F839A3CD9C8123B
                                                                                                                                                                    SHA-512:13D9B86044B0B7FEDB46C170DC9B5504540F27D16D42AFA07A5EBD7800229C8BFAE3FC95504C2046AACE00B2AEDDDC4D9B932323DDD385D0D0A467BED7FB64D5
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):350
                                                                                                                                                                    Entropy (8bit):7.347649836342672
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:bX+/93zjvaicgIwNEDLWaucwv5N5nWRk4AprZSCL18FRdkctPqW7GTeDsn:b+xzjvaicNSsD65nP4AjS7dkctyWFsn
                                                                                                                                                                    MD5:DFA0F1E96BDCBB167FCC42AA0C19D03B
                                                                                                                                                                    SHA1:E700EAB5885110ED5C75A9B46BD3E2EC00F9F741
                                                                                                                                                                    SHA-256:F557F74833345ACF8FFE52A8CDCE8BA8A9131517A69BEABD4CD72F4CBDD4365C
                                                                                                                                                                    SHA-512:B6EA94160A731ED6A0936B262681A4041B5058D467D2B2DDB5EF8FA8A58031F9271F35C1BA7DA61B2259219EA44E9B93C755FF2A5B0A694AD35867CEB343C651
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1174
                                                                                                                                                                    Entropy (8bit):7.859002271264254
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:xEdC0IH0YFkPHq06J4xgXwKVPIZuy3wdz76AtrSbLikRf:VdUYUK06JGpKVPquA09KZ
                                                                                                                                                                    MD5:54B7D8AA37FBD340EC2E3530289A785B
                                                                                                                                                                    SHA1:D1CB487D8E9B5617B70A568CA97951AB96877EC8
                                                                                                                                                                    SHA-256:18BB566C405216E27260F3E881574309B051EEA7AEA6AEB7B71BD1BF06FC341D
                                                                                                                                                                    SHA-512:E121755B61A75CCB252CF4832FB89392AF85706DC91404E609C211EA2149B0B97AF4397560768BC883CF916BA19B2B27A94924BB85F519405B8B4F0FE07051F0
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):1474
                                                                                                                                                                    Entropy (8bit):5.021836500560776
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:PpwZi4kEVluhAdFfqQxXNP3ak/VVtLoHghKY/qqykKd8bTTxFixFJM:Wi4bUCXxaSVVtLPiqynyTixF6
                                                                                                                                                                    MD5:229210D8AB829BD8D8E03B8895449CB7
                                                                                                                                                                    SHA1:79AA037968BB8EDEF45570F1D1E0EB005FA36181
                                                                                                                                                                    SHA-256:484B2E44DE4683C20F2C34218C52EB0F3DFF2477C40BF9B252D3D7F02E08724B
                                                                                                                                                                    SHA-512:93DE2613745F0562365818708B8398BE4F2FEB53225D6DFDC1EAB01314E03B6BB4F65AB24C950681F7F10E73B2881AF58942F6CEA67D93326BEBD9BFA1B1FFE0
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Preview:.########################################################################################..Your files are safe! Only modified. (RSA+AES)....ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE..WILL PERMANENTLY CORRUPT IT...DO NOT MODIFY ENCRYPTED FILES...DO NOT RENAME ENCRYPTED FILES.....No software available on internet can help you. We are the only ones able to..solve your problem.....We gathered highly confidential/personal data. These data are currently stored on..a private server. This server will be immediately destroyed after your payment...If you decide to not pay, we will release your data to public or re-seller...So you can expect your data to be publicly available in the near future......We only seek money and our goal is not to damage your reputation or prevent..your business from running.....You will can send us 2-3 non-important files and we will decrypt it for free..to prove we are able to give your files back....... ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YO
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):239
                                                                                                                                                                    Entropy (8bit):7.048198582126522
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:6:c9PpmmxoQv+zjtMGsug7fseSCL18FRdkctPqW7GTeDsn:c9RmM+vtMGLgTHS7dkctyWFsn
                                                                                                                                                                    MD5:A9022DBE676BE879CBCFEAD3755CD714
                                                                                                                                                                    SHA1:84D4BAC32B058DF87936E4365DD394F2C3D1ABCA
                                                                                                                                                                    SHA-256:9786E6EBC1E0FE1DF24E9F4E6534A845ECE7D142F6C33B8B2B11DD6516FDA094
                                                                                                                                                                    SHA-512:A0853690318126173AF112C0C6C72AEA622ED85E0627D4BE7C79DA850E614D19B3849A5A6DAD74FB1D15059F1EDACBC875A6ABD91406A992B622EC6AE5159279
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Process:C:\Windows\splwow64.exe
                                                                                                                                                                    File Type:Microsoft OOXML
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):13755576
                                                                                                                                                                    Entropy (8bit):7.893473469380151
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:196608:BEoUROHVBIwG5m4MLCy9NqfB4cnaIST903EBp:e5gVjG4k5SmW
                                                                                                                                                                    MD5:A4A6FF62D512602E0DFA6E9BC1505163
                                                                                                                                                                    SHA1:BC07AD6ECF130E555D3BB41AE63EF0596C916753
                                                                                                                                                                    SHA-256:A31C0531FB82BF54981272B5BBEA3D296850BFF160C85C882411ED28078F711B
                                                                                                                                                                    SHA-512:E83974E1396B2C520DB3F033A03B80D594A0D77C01E013D494E3A4971A2CCF53DDE558BFA2E550F9EEC962D54C94686C3D944A4051445DA87FC39A430C520E81
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:PK.........r.X................[Content_Types].xml/[0].piece.....0..W..o.x .....e.(....Ql!..<...S^.MMw....#Nr.9....p..:..J.z..`3..DM....T.n..J..-c...3....&a#......PK....X.j...q...PK.........r.X................[Content_Types].xml/[1].piece..1..0....eE$....{e.C.&..X.........H\., .....o.T..i.."...K.s..4..VW...i+.Ak.....}....\.+..O?PK..K..jb...l...PK.........r.X................_rels/.rels/[0].pieceM.A..!.E.B.w...1.....9@...C!...?,].......f..4.qp.,.._^I...y?\`.....Cc.jF". .^...#g.T.A.e.c.........3.....PK...BpJl...y...PK.........r.X................_rels/.rels/[1].piece..K..0....9@&.....nk/.....O3S...s....L/'.UN...'.......P....UO:....=X......B..gD...c]...[..[..3..9.9a.... .....N.PK..4...u.......PK.........r.X................[Content_Types].xml/[2].piece-.A.. .F....p.u.q.&....!...m..[.n_^..kA.......>|.......f....`........}..F..(v.6.t...0-.n.C|@.N-.Z...PK....[Pm...{...PK.........r.X............%...FixedDocumentSequence.fdseq/[0].pieceU.M..0.F..fo&.....H.`..2.....H.o..p
                                                                                                                                                                    Process:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):64
                                                                                                                                                                    Entropy (8bit):3.73345859334435
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:5UlOzI2Y1AnS3zXl8FRR:KlPGSjXKRR
                                                                                                                                                                    MD5:11684065A2AAFDF3391CED9A046F6E00
                                                                                                                                                                    SHA1:131E95A6772F3FF6254EF275EA353FB5583DCD71
                                                                                                                                                                    SHA-256:9CF475D2F5B48F1F070C6E7AF6401AD482AFBD87A2656EA43742A2DFEA4AB3BA
                                                                                                                                                                    SHA-512:2F2B0DDAE65AECB50F32D64455B9D93E4C89EAD7EDF4AB380C4CE2D00E433E07D908C5B8961AD4F5801AB4B09308E901EA62671D441CD5A51557F77258F7B0E8
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:....8.4.1.6.1.8.....\MAILSLOT\NET\GETDCD02BD8C7............ ....
                                                                                                                                                                    Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):22
                                                                                                                                                                    Entropy (8bit):3.9705730958116843
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:otlYi:otB
                                                                                                                                                                    MD5:E9DD4D20196BA68C77A3F1A24A7D8BFA
                                                                                                                                                                    SHA1:B8207AAB2C4582C483243365696D67FE5AFE390D
                                                                                                                                                                    SHA-256:2FE88BC6887E5F18D9301D098C879BD080950B4613D6E0C549668EDDD4BF27F9
                                                                                                                                                                    SHA-512:73F2AF4010C8FE9B021F27B03F6BD25FE72C7B809C83BDC8D177A24B39CAB651773F3FEBECF63B0CF80044771A175E027B161F48318564F459CB4F64608847FA
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:C:\PROGRA~3\ECC3.tmp..
                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Entropy (8bit):7.2002576329341235
                                                                                                                                                                    TrID:
                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                    • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                    File name:98ST13Qdiy.exe
                                                                                                                                                                    File size:151'040 bytes
                                                                                                                                                                    MD5:12450f3dba7ad4bb8f8fa4988011b913
                                                                                                                                                                    SHA1:b58b07405615dd7c0e1cd159409bab656e507c10
                                                                                                                                                                    SHA256:cd727c8fc0303b9a77641cc43061fa6ae9de3a0af40fd525c4a745c1dcdd5965
                                                                                                                                                                    SHA512:6e5ebdfbfed98fb9acafa9878d3a77d0c387873eb8746e6266e57a734b7ee72bf621c3210e34a4fa05d84b8e78776e9fbf06894b2b6ef19faec8ef1f338b5f47
                                                                                                                                                                    SSDEEP:1536:WzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDI55UgdcGiALUK8P3g9bOcbrvfT:tqJogYkcSNm9V7D4BxidzQtOcbr3T
                                                                                                                                                                    TLSH:B7E37C21F25EE0B3D47B18F12726B17DB3EA4D2C0AA66843D6D40F48BCA49632F4595F
                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!c............................o.............@.......................................@...........@....................
                                                                                                                                                                    Icon Hash:90cececece8e8eb0
                                                                                                                                                                    Entrypoint:0x41946f
                                                                                                                                                                    Entrypoint Section:.itext
                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                    Time Stamp:0x632112B1 [Tue Sep 13 23:30:57 2022 UTC]
                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                    File Version Major:5
                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                    Import Hash:914685b69f2ac2ff61b6b0f1883a054d
                                                                                                                                                                    Instruction
                                                                                                                                                                    nop
                                                                                                                                                                    nop word ptr [eax+eax+00000000h]
                                                                                                                                                                    call 00007F0C3C7C1595h
                                                                                                                                                                    nop word ptr [eax+eax+00000000h]
                                                                                                                                                                    call 00007F0C3C7AE922h
                                                                                                                                                                    nop word ptr [eax+eax+00h]
                                                                                                                                                                    call 00007F0C3C7B1EDBh
                                                                                                                                                                    nop word ptr [eax+eax+00000000h]
                                                                                                                                                                    call 00007F0C3C7BF920h
                                                                                                                                                                    nop word ptr [eax+eax+00000000h]
                                                                                                                                                                    push 00000000h
                                                                                                                                                                    call dword ptr [004255C8h]
                                                                                                                                                                    nop dword ptr [eax+eax+00h]
                                                                                                                                                                    call 00007F0C3C7C1279h
                                                                                                                                                                    call 00007F0C3C7C127Ah
                                                                                                                                                                    call 00007F0C3C7C125Dh
                                                                                                                                                                    call 00007F0C3C7C125Eh
                                                                                                                                                                    call 00007F0C3C7C1277h
                                                                                                                                                                    call 00007F0C3C7C126Ch
                                                                                                                                                                    call 00007F0C3C7C1255h
                                                                                                                                                                    call 00007F0C3C7C126Eh
                                                                                                                                                                    call 00007F0C3C7C1257h
                                                                                                                                                                    call 00007F0C3C7C1252h
                                                                                                                                                                    call 00007F0C3C7C1235h
                                                                                                                                                                    call 00007F0C3C7C1206h
                                                                                                                                                                    call 00007F0C3C7C121Fh
                                                                                                                                                                    call 00007F0C3C7C1202h
                                                                                                                                                                    call 00007F0C3C7C1215h
                                                                                                                                                                    call 00007F0C3C7C1216h
                                                                                                                                                                    call 00007F0C3C7C11F9h
                                                                                                                                                                    call 00007F0C3C7C120Ch
                                                                                                                                                                    call 00007F0C3C7C11FBh
                                                                                                                                                                    call 00007F0C3C7C11F0h
                                                                                                                                                                    call 00007F0C3C7C11F7h
                                                                                                                                                                    call 00007F0C3C7BFD48h
                                                                                                                                                                    call 00007F0C3C7BFD55h
                                                                                                                                                                    call 00007F0C3C7BFD62h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1a230 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x27000 | 0xfcc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1a120 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1a000 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x17d46 | 0x17e00 | 57ad8095d0d1b2e0663fbd3ef4405410 | False | 0.48270819698952877 | data | 6.613530972543989 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0x19000 | 0x569 | 0x600 | 0adcc204eb91a7bbe4f95e6c65202fe1 | False | 0.255859375 | data | 3.0389614741823974 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x1a000 | 0x4b2 | 0x600 | 9264ea7f335858b063b39397d3c51d14 | False | 0.3821614583333333 | data | 3.6588662154359954 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x1b000 | 0xadc8 | 0xa000 | 9116c540022294c1018eb3568389d627 | False | 0.982861328125 | SysEx File - | 7.985683065252334 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x26000 | 0xe21 | 0x1000 | bdfb41392760eb655d116a56010cdf2c | False | 0.89697265625 | data | 7.5153075371349365 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x27000 | 0xfcc | 0x1000 | 68a4352eca889669f544bd64baa3f961 | False | 0.8427734375 | GLS_BINARY_LSB_FIRST | 6.728533295109 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

DLL | Import
gdi32.dll | SetPixel, GetPixel, SelectPalette, SelectObject, GetTextColor, BitBlt, GetDeviceCaps, CreateSolidBrush, CreateFontW, CreateDIBitmap
USER32.dll | LoadMenuW, LoadImageW, CreateDialogParamW, CreateWindowExW, DefWindowProcW, GetDlgItem, IsDlgButtonChecked
KERNEL32.dll | GetLastError, GetProcAddress, GetModuleHandleA, GetLocaleInfoW, FreeLibrary, GetFileAttributesW, GetCommandLineW, GetCommandLineA
                                                                                                                                                                    No network behavior found


                                                                                                                                                                    Target ID:0
                                                                                                                                                                    Start time:14:06:55
                                                                                                                                                                    Start date:06/05/2024
                                                                                                                                                                    Path:C:\Users\user\Desktop\98ST13Qdiy.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\98ST13Qdiy.exe"
                                                                                                                                                                    Imagebase:0x730000
                                                                                                                                                                    File size:151'040 bytes
                                                                                                                                                                    MD5 hash:12450F3DBA7AD4BB8F8FA4988011B913
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Yara matches:
                                                                                                                                                                    • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.1876829701.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000000.1633756524.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000000.1633756524.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                    • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                    • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1875675549.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1875675549.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1708235011.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1719080714.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1875303206.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1875303206.0000000000A24000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.1876829701.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                    Reputation:low
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:1
                                                                                                                                                                    Start time:14:07:02
                                                                                                                                                                    Start date:06/05/2024
                                                                                                                                                                    Path:C:\Windows\splwow64.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\splwow64.exe 12288
                                                                                                                                                                    Imagebase:0x7ff73be80000
                                                                                                                                                                    File size:163'840 bytes
                                                                                                                                                                    MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:5
                                                                                                                                                                    Start time:14:07:19
                                                                                                                                                                    Start date:06/05/2024
                                                                                                                                                                    Path:C:\ProgramData\ECC3.tmp
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:"C:\ProgramData\ECC3.tmp"
                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                    File size:14'336 bytes
                                                                                                                                                                    MD5 hash:294E9F64CB1642DD89229FFF0592856B
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                    • Detection: 83%, ReversingLabs
                                                                                                                                                                    • Detection: 83%, Virustotal, Browse
                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:6
                                                                                                                                                                    Start time:14:07:20
                                                                                                                                                                    Start date:06/05/2024
                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\ECC3.tmp >> NUL
                                                                                                                                                                    Imagebase:0x240000
                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:high
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:7
                                                                                                                                                                    Start time:14:07:20
                                                                                                                                                                    Start date:06/05/2024
                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:high
                                                                                                                                                                    Has exited:true

                                                                                                                                                                    Target ID:8
                                                                                                                                                                    Start time:14:07:20
                                                                                                                                                                    Start date:06/05/2024
                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:/insertdoc "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\{11654E24-2203-4A9E-B419-2712D31E0D54}.xps" 133594708232220000
                                                                                                                                                                    Imagebase:0xc0000
                                                                                                                                                                    File size:2'191'768 bytes
                                                                                                                                                                    MD5 hash:0061760D72416BCF5F2D9FA6564F0BEA
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                    Has exited:false


                                                                                                                                                                      Execution Graph

                                                                                                                                                                      Execution Coverage:19.2%
                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                      Signature Coverage:15%
                                                                                                                                                                      Total number of Nodes:1927
                                                                                                                                                                      Total number of Limit Nodes:7
9866->9859 9866->9860 9868 740445 9867->9868 9869 736db0 RtlAllocateHeap 9868->9869 9870 7404be 9869->9870 9871 736830 RtlAllocateHeap 9870->9871 9872 7404c7 9870->9872 9873 7404de 9871->9873 9874 73684c RtlFreeHeap 9872->9874 9875 74088c 9872->9875 9873->9872 11096 740294 9873->11096 9874->9875 9876 74089a 9875->9876 9878 73684c RtlFreeHeap 9875->9878 9879 7408a8 9876->9879 9881 73684c RtlFreeHeap 9876->9881 9878->9876 9882 7408b6 9879->9882 9883 73684c RtlFreeHeap 9879->9883 9880 74050f 9880->9872 9884 740530 GetTempFileNameW CreateFileW 9880->9884 9881->9879 9882->9382 9883->9882 9884->9872 9885 740575 WriteFile 9884->9885 9885->9872 9886 740591 CreateProcessW 9885->9886 9886->9872 9888 7405fb NtQueryInformationProcess 9886->9888 9888->9872 9889 74061f NtReadVirtualMemory 9888->9889 9889->9872 9890 740646 9889->9890 9891 736db0 RtlAllocateHeap 9890->9891 9892 740650 9891->9892 9892->9872 9893 7406b4 NtProtectVirtualMemory 9892->9893 9893->9872 9894 7406e0 NtWriteVirtualMemory 9893->9894 9894->9872 9895 7406fa 9894->9895 9895->9872 9896 74075d NtDuplicateObject 9895->9896 9896->9872 9897 740785 CreateNamedPipeW 9896->9897 9897->9872 9898 7407f1 ResumeThread ConnectNamedPipe 9897->9898 9898->9872 9900 73a32b 9899->9900 9901 73b390 2 API calls 9900->9901 9902 73a345 9900->9902 9901->9902 9902->9413 9902->9415 9904 7368fc RtlAllocateHeap 9903->9904 9934 74239c 9904->9934 9905 73a250 NtSetInformationThread NtClose 9905->9934 9906 73a308 2 API calls 9906->9934 9907 742518 9909 73684c RtlFreeHeap 9907->9909 9908 742437 9910 73684c RtlFreeHeap 9908->9910 9938 742422 9909->9938 9910->9938 9911 74244a 9917 73a3ac 2 API calls 9911->9917 9912 74241a 9918 73684c RtlFreeHeap 9912->9918 9913 74254a 9916 73694c RtlAllocateHeap 9913->9916 9914 74246e 9922 7424d6 9914->9922 9923 7424cc 9914->9923 9915 74252b 9915->9913 9919 742540 9915->9919 9920 7425a3 9916->9920 9921 74245d 9917->9921 9918->9938 9924 73684c RtlFreeHeap 9919->9924 9925 73684c RtlFreeHeap 9920->9925 9921->9914 
9926 742461 9921->9926 9928 736a3c RtlAllocateHeap 9922->9928 9927 73694c RtlAllocateHeap 9923->9927 9924->9938 9930 7425ac 9925->9930 9931 73684c RtlFreeHeap 9926->9931 9929 7424d4 9927->9929 9928->9929 9933 73684c RtlFreeHeap 9929->9933 9936 7408c8 10 API calls 9930->9936 9930->9938 9931->9938 9932 73ab38 NtSetInformationThread NtClose 9932->9934 9935 7424e7 9933->9935 9934->9905 9934->9906 9934->9907 9934->9908 9934->9911 9934->9912 9934->9913 9934->9914 9934->9915 9934->9932 9937 73684c RtlFreeHeap 9934->9937 9934->9938 9935->9938 9939 7408c8 10 API calls 9935->9939 9936->9938 9937->9934 9938->9382 9939->9938 9941 737fa5 9940->9941 9943 73805e 9941->9943 9947 736888 9941->9947 9943->9664 9943->9666 9945 73684c RtlFreeHeap 9944->9945 9946 7368c3 9945->9946 9946->9661 9948 736830 RtlAllocateHeap 9947->9948 9949 73689e 9948->9949 9949->9943 9951 737ca2 9950->9951 9952 737daa 9950->9952 9954 736830 RtlAllocateHeap 9951->9954 9953 737dc7 9952->9953 9955 73684c RtlFreeHeap 9952->9955 9953->9674 9956 737cd1 9954->9956 9955->9953 9956->9952 10123 73dbbc 9956->10123 9959 736888 RtlAllocateHeap 9958->9959 9960 73b698 9959->9960 9961 73b6e0 9960->9961 9962 73b69e NtSetInformationProcess NtSetInformationProcess NtSetInformationProcess 9960->9962 9964 73e144 9961->9964 9963 7368b4 RtlFreeHeap 9962->9963 9963->9961 9967 73e151 9964->9967 9965 73e1b6 9965->9686 9965->9693 9969 73a65c 9965->9969 9966 73e186 CreateThread 9966->9967 10127 73ddd4 SetThreadPriority 9966->10127 9967->9965 9967->9966 9968 73e1a7 NtClose 9967->9968 9968->9967 9970 73a683 GetVolumeNameForVolumeMountPointW 9969->9970 9972 73a6c6 FindFirstVolumeW 9970->9972 9973 73a917 9972->9973 9979 73a6e2 9972->9979 9973->9705 9974 73a6fb GetVolumePathNamesForVolumeNameW 9974->9979 9975 73a72c GetDriveTypeW 9975->9979 9976 73a7cd CreateFileW 9977 73a7f3 DeviceIoControl 9976->9977 9976->9979 9977->9979 9978 73a5d0 6 API calls 9978->9979 9979->9973 9979->9974 9979->9975 9979->9976 9979->9978 9982 7409ee 9980->9982 9981 
740a68 9981->9721 9982->9981 10135 73694c 9982->10135 9985 740b55 9984->9985 10139 73a458 CreateThread 9985->10139 9987 740b67 9988 736830 RtlAllocateHeap 9987->9988 10007 740b6d 9987->10007 9990 740b7f 9988->9990 9989 740d66 9992 740d74 9989->9992 9995 73684c RtlFreeHeap 9989->9995 9994 73a458 6 API calls 9990->9994 9990->10007 9991 73684c RtlFreeHeap 9991->9989 9993 740d82 9992->9993 9996 73684c RtlFreeHeap 9992->9996 9993->9693 9997 740b9c 9994->9997 9995->9992 9996->9993 9998 736830 RtlAllocateHeap 9997->9998 9997->10007 9999 740bb7 9998->9999 10000 736830 RtlAllocateHeap 9999->10000 9999->10007 10006 740bd2 10000->10006 10002 73694c RtlAllocateHeap 10003 740c2e CreateThread 10002->10003 10003->10006 10157 73f264 GetFileAttributesW 10003->10157 10004 73694c RtlAllocateHeap 10004->10006 10005 73b390 2 API calls 10005->10006 10006->10002 10006->10004 10006->10005 10006->10007 10147 73a190 CreateThread 10006->10147 10007->9989 10007->9991 10009 73fc10 10008->10009 10010 736830 RtlAllocateHeap 10009->10010 10011 73fc1d 10010->10011 10025 73fc26 10011->10025 10317 73f788 CoInitialize 10011->10317 10013 73ff37 10016 73ff45 10013->10016 10017 73684c RtlFreeHeap 10013->10017 10015 73684c RtlFreeHeap 10015->10013 10018 73ff53 10016->10018 10020 73684c RtlFreeHeap 10016->10020 10017->10016 10018->9699 10019 736830 RtlAllocateHeap 10021 73fc53 10019->10021 10020->10018 10022 736830 RtlAllocateHeap 10021->10022 10021->10025 10029 73fc6e 10022->10029 10023 73f4f8 NtSetInformationThread NtClose 10023->10029 10025->10013 10025->10015 10026 73f634 NtSetInformationThread NtClose 10026->10029 10027 73b390 2 API calls 10027->10029 10028 73684c RtlFreeHeap 10028->10029 10029->10023 10029->10025 10029->10026 10029->10027 10029->10028 10323 7369a8 10029->10323 10327 73ce38 10030->10327 10032 73d99e 10033 73dac6 10032->10033 10034 73684c RtlFreeHeap 10032->10034 10035 73dad4 10033->10035 10037 73684c RtlFreeHeap 10033->10037 10034->10033 10038 73dae2 10035->10038 10040 73684c 
RtlFreeHeap 10035->10040 10036 73d995 10036->10032 10039 736db0 RtlAllocateHeap 10036->10039 10037->10035 10038->9700 10041 73d9eb 10039->10041 10040->10038 10041->10032 10042 736830 RtlAllocateHeap 10041->10042 10043 73da21 10042->10043 10043->10032 10331 73cf28 10043->10331 10048 739639 10045->10048 10046 739705 10046->9727 10047 73684c RtlFreeHeap 10047->10046 10050 739668 10048->10050 10370 73c820 10048->10370 10050->10046 10050->10047 10053 739c66 10051->10053 10052 739c6a 10052->9672 10053->10052 10376 7438b0 10053->10376 10055 73a01a 10057 73a02e 10055->10057 10059 73684c RtlFreeHeap 10055->10059 10056 73684c RtlFreeHeap 10056->10055 10058 73a042 10057->10058 10060 73684c RtlFreeHeap 10057->10060 10061 73a056 10058->10061 10062 73684c RtlFreeHeap 10058->10062 10059->10057 10060->10058 10061->9672 10062->10061 10063 739de1 10064 73b5d0 NtQueryInformationToken 10063->10064 10068 739df0 10063->10068 10065 739eb2 10064->10065 10066 736db0 RtlAllocateHeap 10065->10066 10065->10068 10067 739ef5 10066->10067 10067->10068 10069 736db0 RtlAllocateHeap 10067->10069 10068->10055 10068->10056 10070 739f15 10069->10070 10070->10068 10071 736db0 RtlAllocateHeap 10070->10071 10071->10068 10073 738941 10072->10073 10074 73b390 2 API calls 10073->10074 10075 738b3c 10073->10075 10074->10075 10075->9720 10081 738260 10076->10081 10093 73825b 10076->10093 10077 7388d9 10079 73684c RtlFreeHeap 10077->10079 10080 7388e7 10077->10080 10078 73684c RtlFreeHeap 10078->10077 10079->10080 10080->9720 10082 736830 RtlAllocateHeap 10081->10082 10081->10093 10083 73839f 10082->10083 10084 7383d1 10083->10084 10085 7383b7 10083->10085 10083->10093 10087 736db0 RtlAllocateHeap 10084->10087 10086 736db0 RtlAllocateHeap 10085->10086 10088 7383c1 10086->10088 10087->10088 10089 738404 10088->10089 10091 738418 10088->10091 10088->10093 10090 73684c RtlFreeHeap 10089->10090 10090->10093 10091->10093 10379 736c60 10091->10379 10093->10077 10093->10078 10095 736db0 RtlAllocateHeap 10094->10095 
10097 7418c3 10095->10097 10096 741a04 10100 73684c RtlFreeHeap 10096->10100 10102 741a12 10096->10102 10108 7418cc 10097->10108 10383 741814 10097->10383 10098 73684c RtlFreeHeap 10098->10096 10100->10102 10101 741a20 10111 741c84 10101->10111 10102->10101 10103 73684c RtlFreeHeap 10102->10103 10103->10101 10104 741900 10105 7368fc RtlAllocateHeap 10104->10105 10104->10108 10106 74191b 10105->10106 10107 736db0 RtlAllocateHeap 10106->10107 10106->10108 10109 741981 10107->10109 10108->10096 10108->10098 10110 73684c RtlFreeHeap 10109->10110 10110->10108 10112 741d88 10111->10112 10115 741db6 10112->10115 10386 741b90 10112->10386 10114 741e47 10117 741608 10114->10117 10115->10114 10116 73684c RtlFreeHeap 10115->10116 10116->10114 10118 741620 10117->10118 10119 736db0 RtlAllocateHeap 10118->10119 10120 74165a 10119->10120 10121 741663 10120->10121 10122 73684c RtlFreeHeap 10120->10122 10121->9719 10122->10121 10124 73dc16 10123->10124 10125 73dc2e 10124->10125 10126 73dc1a NtTerminateProcess 10124->10126 10125->9956 10126->10125 10133 73ddeb 10127->10133 10128 73de3e 10129 73de4d ReadFile 10129->10133 10130 73e006 WriteFile 10130->10133 10131 73e0ac NtClose 10131->10133 10132 73684c RtlFreeHeap 10132->10133 10133->10128 10133->10129 10133->10130 10133->10131 10133->10132 10134 73df8d WriteFile 10133->10134 10134->10133 10136 736964 10135->10136 10137 736830 RtlAllocateHeap 10136->10137 10138 73697a 10136->10138 10137->10138 10138->9981 10140 73a4f4 10139->10140 10141 73a498 10139->10141 10155 73a440 GetLogicalDriveStringsW 10139->10155 10140->9987 10142 73a4ca ResumeThread 10141->10142 10143 73b390 2 API calls 10141->10143 10145 73a4de GetExitCodeThread 10142->10145 10144 73a4a9 10143->10144 10144->10142 10146 73a4ad 10144->10146 10145->10140 10146->9987 10148 73a21f 10147->10148 10150 73a1c3 10147->10150 10156 73a180 GetDriveTypeW 10147->10156 10148->10006 10149 73a1f5 ResumeThread 10152 73a209 GetExitCodeThread 10149->10152 10150->10149 10151 73b390 2 API calls 
10150->10151 10153 73a1d4 10151->10153 10152->10148 10153->10149 10154 73a1d8 10153->10154 10154->10006 10158 73f2db SetThreadPriority 10157->10158 10159 73f27d 10157->10159 10163 73f2ea 10158->10163 10160 73f2cd 10159->10160 10239 73a064 FindFirstFileExW 10159->10239 10161 73684c RtlFreeHeap 10160->10161 10164 73f2d5 10161->10164 10166 736830 RtlAllocateHeap 10163->10166 10182 73f309 10166->10182 10167 73f2a7 10169 73c0f8 10 API calls 10167->10169 10170 73f2b1 10169->10170 10172 73eec8 13 API calls 10170->10172 10174 73f2c7 10172->10174 10173 73684c RtlFreeHeap 10175 73f339 FindFirstFileExW 10173->10175 10175->10182 10176 73684c RtlFreeHeap 10176->10182 10177 73f4a8 10178 73684c RtlFreeHeap 10177->10178 10181 73f4cb 10178->10181 10179 73f470 FindNextFileW 10180 73f488 FindClose 10179->10180 10179->10182 10180->10182 10182->10173 10182->10176 10182->10177 10182->10179 10183 73f124 RtlAllocateHeap 10182->10183 10185 73c0f8 10182->10185 10204 73f0c0 10182->10204 10208 73eec8 10182->10208 10183->10182 10186 73c114 10185->10186 10203 73c10f 10185->10203 10242 7368fc 10186->10242 10189 73c12c GetFileAttributesW 10190 73c13c 10189->10190 10191 73c181 10190->10191 10192 73c19a 10190->10192 10195 73c1e8 5 API calls 10191->10195 10193 73c1a2 10192->10193 10194 73c1b1 GetFileAttributesW 10192->10194 10246 73c1e8 CreateFileW 10193->10246 10197 73c1ca CopyFileW 10194->10197 10198 73c1be 10194->10198 10199 73c189 10195->10199 10201 73684c RtlFreeHeap 10197->10201 10200 73684c RtlFreeHeap 10198->10200 10202 73684c RtlFreeHeap 10199->10202 10200->10193 10201->10203 10202->10203 10203->10182 10205 73f0d8 10204->10205 10206 73f0ee 10205->10206 10207 736830 RtlAllocateHeap 10205->10207 10206->10182 10207->10206 10209 73f0b1 10208->10209 10210 73eee9 10208->10210 10209->10182 10257 73e308 10210->10257 10213 73f0a9 10214 73684c RtlFreeHeap 10213->10214 10214->10209 10216 73ef01 10216->10213 10217 73ef15 10216->10217 10218 73ef28 10216->10218 10290 73eb5c 10217->10290 10294 73ec40 
10218->10294 10221 73ef43 MoveFileExW 10222 73ef55 10221->10222 10227 73ef23 10221->10227 10226 73efad CreateFileW 10222->10226 10235 73efd1 10222->10235 10223 73ef90 10225 73684c RtlFreeHeap 10223->10225 10224 73684c RtlFreeHeap 10224->10227 10225->10222 10228 73efd6 10226->10228 10226->10235 10227->10213 10227->10221 10227->10222 10227->10223 10227->10224 10229 73ec40 RtlAllocateHeap 10227->10229 10270 73ec8c 10228->10270 10229->10227 10230 73684c RtlFreeHeap 10230->10213 10233 73efff CreateIoCompletionPort 10234 73f016 10233->10234 10237 73f038 10233->10237 10236 73684c RtlFreeHeap 10234->10236 10235->10213 10235->10230 10236->10235 10237->10235 10238 73684c RtlFreeHeap 10237->10238 10238->10235 10240 73a0b5 10239->10240 10241 73a095 FindClose 10239->10241 10240->10160 10240->10167 10241->10240 10243 736912 10242->10243 10244 736929 10243->10244 10245 736830 RtlAllocateHeap 10243->10245 10244->10189 10244->10203 10245->10244 10247 73c349 10246->10247 10248 73c219 10246->10248 10247->10203 10249 73c251 WriteFile 10248->10249 10250 73c276 10249->10250 10251 73c288 WriteFile 10249->10251 10250->10203 10252 73c2c1 WriteFile 10251->10252 10253 73c2af 10251->10253 10254 73c2e6 10252->10254 10255 73c2f8 WriteFile 10252->10255 10253->10203 10254->10203 10255->10248 10256 73c31f 10255->10256 10256->10203 10258 73e321 SetFileAttributesW CreateFileW 10257->10258 10260 73e367 10258->10260 10261 73e34f 10258->10261 10260->10213 10262 73e3b8 SetFileAttributesW CreateFileW 10260->10262 10261->10258 10261->10260 10298 73dda4 10261->10298 10263 73e3f8 SetFilePointerEx 10262->10263 10265 73e464 10262->10265 10264 73e417 ReadFile 10263->10264 10263->10265 10264->10265 10266 73e436 10264->10266 10265->10216 10267 73e2ac RtlAllocateHeap 10266->10267 10268 73e447 10267->10268 10268->10265 10269 73684c RtlFreeHeap 10268->10269 10269->10265 10271 73ecbc 10270->10271 10272 73eced 10271->10272 10273 73e214 2 API calls 10271->10273 10274 736830 RtlAllocateHeap 10272->10274 10273->10272 
10276 73ecf9 10274->10276 10275 73ee95 10278 73eea3 10275->10278 10279 73684c RtlFreeHeap 10275->10279 10282 736830 RtlAllocateHeap 10276->10282 10289 73ee40 10276->10289 10277 73684c RtlFreeHeap 10277->10275 10280 73eeb1 10278->10280 10281 73684c RtlFreeHeap 10278->10281 10279->10278 10280->10233 10280->10235 10281->10280 10283 73ed56 10282->10283 10284 736830 RtlAllocateHeap 10283->10284 10283->10289 10285 73ed85 10284->10285 10286 736830 RtlAllocateHeap 10285->10286 10285->10289 10287 73ee37 10286->10287 10288 73684c RtlFreeHeap 10287->10288 10287->10289 10288->10289 10289->10275 10289->10277 10291 73eb69 10290->10291 10292 7368fc RtlAllocateHeap 10291->10292 10293 73eb75 10292->10293 10293->10227 10295 73ec4e 10294->10295 10296 7368fc RtlAllocateHeap 10295->10296 10297 73ec5d 10296->10297 10297->10227 10299 73ddaf 10298->10299 10300 73ddbc 10299->10300 10302 73dc40 10299->10302 10300->10261 10305 73dc77 10302->10305 10303 73dd4c 10304 73dd99 10303->10304 10306 73684c RtlFreeHeap 10303->10306 10304->10300 10305->10303 10307 736830 RtlAllocateHeap 10305->10307 10306->10304 10308 73dcd0 10307->10308 10308->10303 10309 736868 RtlReAllocateHeap 10308->10309 10310 73dcf9 10308->10310 10309->10308 10310->10303 10312 73dbbc NtTerminateProcess 10310->10312 10313 73daec 10310->10313 10312->10310 10315 73db0c 10313->10315 10314 73db89 10314->10310 10315->10314 10316 73dbbc NtTerminateProcess 10315->10316 10316->10314 10318 73f96e 10317->10318 10320 73f7c5 10317->10320 10318->10019 10318->10025 10319 736830 RtlAllocateHeap 10319->10320 10320->10319 10321 73f84a 10320->10321 10321->10318 10322 736830 RtlAllocateHeap 10321->10322 10322->10321 10324 7369c1 10323->10324 10325 736830 RtlAllocateHeap 10324->10325 10326 7369e1 10325->10326 10326->10029 10329 73ce54 10327->10329 10328 73ced9 10328->10036 10329->10328 10330 736830 RtlAllocateHeap 10329->10330 10330->10328 10332 73cf80 10331->10332 10333 73cf7b 10331->10333 10332->10333 10335 736830 RtlAllocateHeap 10332->10335 
10334 73d3ba 10333->10334 10336 73684c RtlFreeHeap 10333->10336 10337 73d3c8 10334->10337 10338 73684c RtlFreeHeap 10334->10338 10342 73cfc1 10335->10342 10336->10334 10339 73d3d6 10337->10339 10340 73684c RtlFreeHeap 10337->10340 10338->10337 10341 73d3e4 10339->10341 10343 73684c RtlFreeHeap 10339->10343 10340->10339 10344 73d3f2 10341->10344 10347 73684c RtlFreeHeap 10341->10347 10342->10333 10358 73d5d8 10342->10358 10343->10341 10345 73d400 10344->10345 10348 73684c RtlFreeHeap 10344->10348 10345->10032 10347->10344 10348->10345 10349 73cfea 10349->10333 10362 73d40c 10349->10362 10351 73cffd 10351->10333 10366 73d594 10351->10366 10354 736db0 RtlAllocateHeap 10355 73d028 10354->10355 10355->10333 10356 736830 RtlAllocateHeap 10355->10356 10357 73684c RtlFreeHeap 10355->10357 10356->10355 10357->10355 10359 73d603 10358->10359 10360 736830 RtlAllocateHeap 10359->10360 10361 73d700 10360->10361 10361->10349 10363 73d49c 10362->10363 10364 736830 RtlAllocateHeap 10363->10364 10365 73d4da 10364->10365 10365->10351 10367 73d5b3 10366->10367 10368 736db0 RtlAllocateHeap 10367->10368 10369 73d010 10368->10369 10369->10333 10369->10354 10371 73c841 10370->10371 10372 736830 RtlAllocateHeap 10371->10372 10373 73c851 10372->10373 10374 73684c RtlFreeHeap 10373->10374 10375 73c873 10373->10375 10374->10375 10375->10050 10377 736830 RtlAllocateHeap 10376->10377 10378 7438c7 10377->10378 10378->10063 10380 736c83 10379->10380 10381 736cec 10380->10381 10382 73684c RtlFreeHeap 10380->10382 10381->10093 10382->10381 10384 736830 RtlAllocateHeap 10383->10384 10385 74182a 10384->10385 10385->10104 10387 736830 RtlAllocateHeap 10386->10387 10388 741baa 10387->10388 10388->10115 10390 736db0 RtlAllocateHeap 10389->10390 10391 73bfdc 10390->10391 10392 73c0c7 10391->10392 10394 736830 RtlAllocateHeap 10391->10394 10393 73c0d5 10392->10393 10395 73684c RtlFreeHeap 10392->10395 10396 73c0e3 10393->10396 10397 73684c RtlFreeHeap 10393->10397 10400 73bff3 10394->10400 10395->10393 
10398 73c0f1 10396->10398 10399 73684c RtlFreeHeap 10396->10399 10397->10396 10399->10398 10400->10392 10401 73684c RtlFreeHeap 10400->10401 10402 73c021 10401->10402 10403 736830 RtlAllocateHeap 10402->10403 10404 73c031 10403->10404 10404->10392 10405 736eac 2 API calls 10404->10405 10406 73c047 10405->10406 10407 73684c RtlFreeHeap 10406->10407 10408 73c064 10407->10408 10453 73bef0 10408->10453 10410 73c0a6 10413 73bef0 8 API calls 10410->10413 10412 73b390 2 API calls 10412->10410 10414 73c0b1 10413->10414 10415 73bef0 8 API calls 10414->10415 10416 73c0bc 10415->10416 10417 73bef0 8 API calls 10416->10417 10417->10392 10425 737e30 10418->10425 10419 736830 RtlAllocateHeap 10419->10425 10420 737e42 NtQuerySystemInformation 10420->10425 10421 736868 RtlReAllocateHeap 10421->10425 10422 73684c RtlFreeHeap 10422->10425 10423 73684c RtlFreeHeap 10424 737f10 Sleep 10423->10424 10424->10425 10425->10419 10425->10420 10425->10421 10425->10422 10425->10423 10484 739198 10426->10484 10428 7395fd 10429 73960c 10428->10429 10501 73908c 10428->10501 10432 737483 10431->10432 10434 73745b 10431->10434 10433 737464 GetDriveTypeW 10433->10434 10434->10432 10434->10433 10513 73748c 10434->10513 10437 737831 10436->10437 10439 7397a8 4 API calls 10438->10439 10440 738f70 10439->10440 10441 739850 NtClose 10440->10441 10442 738fe0 10440->10442 10444 738f7e 10441->10444 10443 739005 10442->10443 10584 738e9c 10442->10584 10444->10442 10446 738f87 NtSetInformationThread 10444->10446 10446->10442 10447 738f9b 10446->10447 10573 738d78 10447->10573 10450 739850 NtClose 10451 738fbe 10450->10451 10451->10442 10578 738bb0 10451->10578 10454 73bf15 10453->10454 10455 73bfab 10454->10455 10456 736830 RtlAllocateHeap 10454->10456 10457 73bfb9 10455->10457 10459 73684c RtlFreeHeap 10455->10459 10458 73bf27 10456->10458 10457->10410 10457->10412 10458->10455 10462 73be2c 10458->10462 10467 73bb94 10458->10467 10459->10457 10463 7368fc RtlAllocateHeap 10462->10463 10466 73be48 10463->10466 
10464 73bee6 10464->10458 10465 73684c RtlFreeHeap 10465->10464 10466->10464 10466->10465 10468 73bbbc 10467->10468 10471 736830 RtlAllocateHeap 10468->10471 10480 73bbc0 10468->10480 10469 73be06 10472 73be14 10469->10472 10473 73684c RtlFreeHeap 10469->10473 10470 73bdfd DeleteDC 10470->10469 10474 73bbe9 10471->10474 10472->10458 10473->10472 10475 73bc3c CreateDCW 10474->10475 10474->10480 10476 73bc59 10475->10476 10475->10480 10477 73bcfa StartDocW 10476->10477 10477->10480 10481 73bd2a 10477->10481 10478 73bd48 10479 73bdc8 EndDoc 10478->10479 10479->10480 10480->10469 10480->10470 10481->10478 10482 73bd74 DrawTextA 10481->10482 10483 73bdb6 EndPage 10482->10483 10483->10479 10483->10481 10485 739279 10484->10485 10486 73943d RegCreateKeyExW 10485->10486 10488 739497 RegCreateKeyExW 10486->10488 10494 739471 RegEnumKeyW 10486->10494 10490 7395b2 10488->10490 10491 73958c RegEnumKeyW 10488->10491 10490->10428 10491->10490 10496 7395b4 OpenEventLogW 10491->10496 10492 73949c RegCreateKeyExW 10492->10494 10495 7394ca RegSetValueExW 10492->10495 10494->10488 10494->10492 10495->10494 10497 7394ec RegSetValueExW 10495->10497 10496->10491 10498 7395cc ClearEventLogW 10496->10498 10497->10494 10499 73950a OpenEventLogW 10497->10499 10498->10491 10499->10494 10500 739522 ClearEventLogW 10499->10500 10500->10494 10508 73900c RtlAdjustPrivilege 10501->10508 10503 739164 10504 739185 10503->10504 10505 73917c CloseServiceHandle 10503->10505 10504->10429 10505->10504 10506 7390a5 10506->10503 10507 73dbbc NtTerminateProcess 10506->10507 10507->10503 10509 7397a8 4 API calls 10508->10509 10510 739044 10509->10510 10511 739850 NtClose 10510->10511 10512 739052 10510->10512 10511->10512 10512->10506 10521 737560 10513->10521 10515 7374a4 10516 7374d6 FindFirstFileExW 10515->10516 10518 737550 10515->10518 10516->10518 10519 7374fe 10516->10519 10517 73753c FindNextFileW 10517->10518 10517->10519 10518->10434 10519->10517 10527 73763c 10519->10527 10522 737580 
FindFirstFileExW 10521->10522 10524 737632 10522->10524 10526 7375de FindClose 10522->10526 10524->10515 10526->10524 10528 73765e 10527->10528 10529 7377f2 10528->10529 10530 736830 RtlAllocateHeap 10528->10530 10529->10517 10534 737676 10530->10534 10531 7377cd 10532 7377e4 10531->10532 10533 73684c RtlFreeHeap 10531->10533 10532->10529 10535 73684c RtlFreeHeap 10532->10535 10533->10532 10534->10531 10536 7376ae FindFirstFileExW 10534->10536 10535->10529 10536->10531 10541 7376d6 10536->10541 10537 7377b5 FindNextFileW 10537->10531 10537->10541 10538 736830 RtlAllocateHeap 10538->10541 10539 737750 GetFileAttributesW 10539->10541 10541->10537 10541->10538 10541->10539 10542 73763c 12 API calls 10541->10542 10543 73684c RtlFreeHeap 10541->10543 10544 736654 10541->10544 10542->10541 10543->10541 10545 73666a 10544->10545 10545->10545 10546 73a064 2 API calls 10545->10546 10547 736681 10546->10547 10548 736691 CreateFileW 10547->10548 10563 736791 10547->10563 10549 7366b9 10548->10549 10548->10563 10550 7366be NtAllocateVirtualMemory 10549->10550 10561 7366ef 10549->10561 10550->10549 10550->10561 10551 7367c0 NtFreeVirtualMemory 10551->10563 10552 7367e5 10553 7367f4 10552->10553 10554 7367eb NtClose 10552->10554 10564 736544 10553->10564 10554->10553 10557 73674f WriteFile 10559 736769 SetFilePointerEx 10557->10559 10557->10561 10558 73680d 10560 736822 10558->10560 10562 73684c RtlFreeHeap 10558->10562 10559->10557 10559->10561 10560->10541 10561->10557 10561->10563 10562->10560 10563->10551 10563->10552 10565 7368fc RtlAllocateHeap 10564->10565 10566 73655e 10565->10566 10567 736567 10566->10567 10568 7368fc RtlAllocateHeap 10566->10568 10569 73660c DeleteFileW 10567->10569 10570 73684c RtlFreeHeap 10567->10570 10571 736576 10568->10571 10569->10558 10570->10569 10571->10567 10572 7365cd MoveFileExW 10571->10572 10572->10567 10572->10571 10574 7397a8 4 API calls 10573->10574 10575 738da3 10574->10575 10576 738db0 OpenSCManagerW 10575->10576 10577 738dc9 
10575->10577 10576->10577 10577->10442 10577->10450 10579 738be1 10578->10579 10581 736830 RtlAllocateHeap 10579->10581 10583 738c1d 10579->10583 10580 738d6c 10580->10442 10581->10583 10582 73684c RtlFreeHeap 10582->10580 10583->10580 10583->10582 10585 7397a8 4 API calls 10584->10585 10586 738eb5 10585->10586 10586->10443 10638 73f4f8 10587->10638 10590 73f4f8 2 API calls 10591 73ffdc 10590->10591 10594 740004 10591->10594 10598 73f4f8 2 API calls 10591->10598 10592 74026f 10593 74027d 10592->10593 10596 73684c RtlFreeHeap 10592->10596 10597 74028b 10593->10597 10600 73684c RtlFreeHeap 10593->10600 10599 736830 RtlAllocateHeap 10594->10599 10608 74002d 10594->10608 10595 73684c RtlFreeHeap 10595->10592 10596->10593 10597->9382 10598->10594 10601 740024 10599->10601 10600->10597 10602 736830 RtlAllocateHeap 10601->10602 10601->10608 10603 74003f 10602->10603 10604 73e144 8 API calls 10603->10604 10603->10608 10612 740052 10604->10612 10605 7369a8 RtlAllocateHeap 10605->10612 10606 7401e9 10607 73684c RtlFreeHeap 10606->10607 10606->10608 10607->10608 10608->10592 10608->10595 10609 73f634 NtSetInformationThread NtClose 10609->10612 10610 73684c RtlFreeHeap 10610->10612 10611 73b390 2 API calls 10611->10612 10612->10605 10612->10606 10612->10609 10612->10610 10612->10611 10614 737403 10613->10614 10615 7368fc RtlAllocateHeap 10614->10615 10617 737411 10615->10617 10616 737434 10616->9770 10617->10616 10618 73684c RtlFreeHeap 10617->10618 10618->10616 10620 73a953 10619->10620 10621 73a458 6 API calls 10620->10621 10623 73a96a 10621->10623 10622 73a999 10622->9770 10623->10622 10624 736830 RtlAllocateHeap 10623->10624 10624->10622 10626 73a3cf 10625->10626 10627 73b390 2 API calls 10626->10627 10628 73a3e9 10626->10628 10627->10628 10628->9753 10628->9767 10630 736a55 10629->10630 10631 736830 RtlAllocateHeap 10630->10631 10632 736a6b 10630->10632 10631->10632 10632->9769 10634 73e144 8 API calls 10633->10634 10635 7408d3 10634->10635 10636 73b390 2 API calls 
10635->10636 10637 740924 10635->10637 10636->10637 10637->9730 10639 73f552 10638->10639 10640 73b390 2 API calls 10639->10640 10641 73f56c 10639->10641 10640->10641 10641->10590 10641->10594 10643 740da4 10642->10643 10644 740de9 10642->10644 10645 73c820 2 API calls 10643->10645 10644->9791 10648 74135c 10644->10648 10647 740da9 10645->10647 10646 73684c RtlFreeHeap 10646->10644 10647->10644 10647->10646 10700 74119c 10648->10700 10650 74139d 10651 736db0 RtlAllocateHeap 10650->10651 10652 7413a1 10650->10652 10659 7413b0 10651->10659 10653 74153c 10652->10653 10654 73684c RtlFreeHeap 10652->10654 10655 74154a 10653->10655 10656 73684c RtlFreeHeap 10653->10656 10654->10653 10657 741558 10655->10657 10658 73684c RtlFreeHeap 10655->10658 10656->10655 10660 741566 10657->10660 10661 73684c RtlFreeHeap 10657->10661 10658->10657 10659->10652 10722 74156d 10659->10722 10660->9791 10677 7416bc 10660->10677 10661->10660 10664 736db0 RtlAllocateHeap 10665 7413f7 10664->10665 10665->10652 10666 74156d RtlFreeHeap 10665->10666 10667 741430 10666->10667 10668 736db0 RtlAllocateHeap 10667->10668 10669 74143a 10668->10669 10669->10652 10670 74156d RtlFreeHeap 10669->10670 10671 74147d 10670->10671 10672 736db0 RtlAllocateHeap 10671->10672 10673 741487 10672->10673 10673->10652 10674 74156d RtlFreeHeap 10673->10674 10675 7414c7 10674->10675 10676 736db0 RtlAllocateHeap 10675->10676 10676->10652 10678 736db0 RtlAllocateHeap 10677->10678 10682 7416ed 10678->10682 10679 7417ec 10681 7417fa 10679->10681 10683 73684c RtlFreeHeap 10679->10683 10680 73684c RtlFreeHeap 10680->10679 10681->9802 10684 741814 RtlAllocateHeap 10682->10684 10686 7416f6 10682->10686 10683->10681 10685 74172a 10684->10685 10685->10686 10687 736db0 RtlAllocateHeap 10685->10687 10686->10679 10686->10680 10688 741765 10687->10688 10689 73684c RtlFreeHeap 10688->10689 10689->10686 10691 7410ec 10690->10691 10692 736db0 RtlAllocateHeap 10691->10692 10699 7410f1 10691->10699 10697 7410fd 10692->10697 10693 741175 

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Create$Load$ErrorImageLast$CapsColorCommandDeviceFontFreeLibraryLineMenuPixelProcSelectTextWindow$AddressAttributesBitmapBrushButtonCheckedDialogExitFileHandleHeapInfoItemLocaleModuleObjectPaletteParamProcessSolid
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 901569772-0
                                                                                                                                                                      • Opcode ID: f3ad50d8eaa46448bee7eb3053c961b58246a02de0a613f5d06c21f8af426f7e
                                                                                                                                                                      • Instruction ID: 1937ab4674fba4c05daeb40bf5bfbcd804972c99312076e4205a5268a8d3e431
                                                                                                                                                                      • Opcode Fuzzy Hash: f3ad50d8eaa46448bee7eb3053c961b58246a02de0a613f5d06c21f8af426f7e
                                                                                                                                                                      • Instruction Fuzzy Hash: 0901AF24E5B14CE9D2D837F1884FB2C66686F6A348F1644E9F1481A0E35F2C4880C93B
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 9 740410-7404c5 call 73165c call 736db0 18 7404c7 9->18 19 7404cc-7404e5 call 736830 9->19 20 740845-74084c 18->20 27 7404e7 19->27 28 7404ec-7404ff call 748ba4 19->28 22 74084e 20->22 23 74085a-740861 20->23 22->23 25 740863 23->25 26 74086f-740873 23->26 25->26 29 740875 26->29 30 74087e-740882 26->30 27->20 35 740506-740516 call 740294 28->35 36 740501 28->36 29->30 33 740884-740887 call 73684c 30->33 34 74088c-740890 30->34 33->34 38 740892-740895 call 73684c 34->38 39 74089a-74089e 34->39 48 74051d-74056e GetTempFileNameW CreateFileW 35->48 49 740518 35->49 36->20 38->39 42 7408a0-7408a3 call 73684c 39->42 43 7408a8-7408ac 39->43 42->43 46 7408b6-7408bc 43->46 47 7408ae-7408b1 call 73684c 43->47 47->46 52 740575-74058a WriteFile 48->52 53 740570 48->53 49->20 54 740591-7405aa 52->54 55 74058c 52->55 53->20 57 7405ac-7405b1 54->57 55->20 58 7405b5-7405b7 57->58 59 7405b3-7405f4 CreateProcessW 57->59 58->57 61 7405f6 59->61 62 7405fb-740618 NtQueryInformationProcess 59->62 61->20 63 74061f-74063f NtReadVirtualMemory 62->63 64 74061a 62->64 65 740646-740657 call 736db0 63->65 66 740641 63->66 64->20 69 74065e-7406d9 call 7492f4 call 749348 call 74941c NtProtectVirtualMemory 65->69 70 740659 65->70 66->20 77 7406e0-7406f3 NtWriteVirtualMemory 69->77 78 7406db 69->78 70->20 79 7406f5 77->79 80 7406fa-740756 77->80 78->20 79->20 82 74075d-74077e NtDuplicateObject 80->82 83 740758 80->83 84 740785-7407ed CreateNamedPipeW 82->84 85 740780 82->85 83->20 86 7407f1-74080a ResumeThread ConnectNamedPipe 84->86 87 7407ef 84->87 85->20 88 74080c-740817 86->88 89 74081b-740838 86->89 87->20 88->89 90 740819 88->90 92 74083c 89->92 93 74083a 89->93 90->20 92->20 93->20
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: D
                                                                                                                                                                      • API String ID: 0-2746444292
                                                                                                                                                                      • Opcode ID: 3d5aff446b30d40a503bdb3d8b896e6f240f8623a7aba417119e442d048b0ff0
                                                                                                                                                                      • Instruction ID: 5bb58197683dc6373898ff12ed5d8e54dc22a55cc2c5422b01d7da3ae47aff78
                                                                                                                                                                      • Opcode Fuzzy Hash: 3d5aff446b30d40a503bdb3d8b896e6f240f8623a7aba417119e442d048b0ff0
                                                                                                                                                                      • Instruction Fuzzy Hash: DDE15D71940318EFEF609F90CC49BEEBB79FB08305F1080A5E609B6091E7795A94CF95
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 94 739198-73946b call 731250 * 5 RegCreateKeyExW 105 739471 94->105 106 73954d-739551 94->106 107 739478-739495 RegEnumKeyW 105->107 108 739553 106->108 109 73955c-73958a RegCreateKeyExW 106->109 112 739497 107->112 113 73949c-7394c8 RegCreateKeyExW 107->113 108->109 110 7395e5-7395e9 109->110 111 73958c 109->111 117 7395f4-7395f7 110->117 118 7395eb 110->118 114 739593-7395b0 RegEnumKeyW 111->114 112->106 115 739545-739548 113->115 116 7394ca-7394ea RegSetValueExW 113->116 119 7395b2 114->119 120 7395b4-7395ca OpenEventLogW 114->120 115->107 121 739536-73953a 116->121 122 7394ec-739508 RegSetValueExW 116->122 118->117 119->110 123 7395e0-7395e3 120->123 124 7395cc-7395d7 ClearEventLogW 120->124 121->115 126 73953c 121->126 122->121 125 73950a-739520 OpenEventLogW 122->125 123->114 124->123 125->121 127 739522-73952d ClearEventLogW 125->127 126->115 127->121
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000,?,00000007,?,00000004,?,00000019,?), ref: 00739463
                                                                                                                                                                      • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 0073948A
                                                                                                                                                                      • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 007394C0
                                                                                                                                                                      • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000004,00000000,00000004), ref: 007394E2
                                                                                                                                                                      • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000001,?,00000064), ref: 00739500
                                                                                                                                                                      • OpenEventLogW.ADVAPI32(00000000,?), ref: 00739513
                                                                                                                                                                      • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 00739527
                                                                                                                                                                      • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 00739582
                                                                                                                                                                      • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 007395A5
                                                                                                                                                                      • OpenEventLogW.ADVAPI32(00000000,?), ref: 007395BD
                                                                                                                                                                      • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 007395D1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Event$Create$ClearEnumOpenValue
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1260815474-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph (graph not reproduced; legend: Executed, Not Executed)
                                                                                                                                                                      APIs
                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(00000043,00000000), ref: 00746FA7
                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,00738F38,00000000,00000000,00000000), ref: 00747085
                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,00737438,00000000,00000000,00000000), ref: 007470B0
                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,007377FC,00000000,00000000,00000000), ref: 007470C8
                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,00737E28,00000000,00000000,00000000), ref: 007470F7
                                                                                                                                                                      • NtTerminateThread.NTDLL(?,00000000), ref: 007471CC
                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,007395F8,00000000,00000000,00000000), ref: 007471F3
                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,0073BFC0,00000000,00000000,00000000), ref: 00747237
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Thread$Create$CallbackDispatcherTerminateUser
                                                                                                                                                                      • String ID: vvt
                                                                                                                                                                      • API String ID: 1743520491-2167449253
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph (graph not reproduced; legend: Executed, Not Executed)
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateFileW.KERNELBASE(007377A6,40000000,00000003,00000000,00000003,80000000,00000000,007377A6,?,?,00000000,?), ref: 007366A6
                                                                                                                                                                      • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004,?,00000000,?), ref: 007366DF
                                                                                                                                                                      • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000,?,00000000,?), ref: 0073675D
                                                                                                                                                                      • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001,?,00000000,?), ref: 00736779
                                                                                                                                                                      • NtFreeVirtualMemory.NTDLL(000000FF,?,00010000,00008000,?,00000000,?), ref: 007367D9
                                                                                                                                                                      • NtClose.NTDLL(000000FF,?,00000000,?), ref: 007367EE
                                                                                                                                                                      • DeleteFileW.KERNELBASE(?,000000FF,?,?,00000000,?), ref: 00736803
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$MemoryVirtual$AllocateCloseCreateDeleteFreePointerWrite
                                                                                                                                                                      • String ID: <us
                                                                                                                                                                      • API String ID: 3569053182-1232365779
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph (graph not reproduced; legend: Executed, Not Executed)
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetVolumeNameForVolumeMountPointW.KERNELBASE(?,?,00000104), ref: 0073A6A6
                                                                                                                                                                      • FindFirstVolumeW.KERNELBASE(?,00000104), ref: 0073A6CF
                                                                                                                                                                      • GetVolumePathNamesForVolumeNameW.KERNELBASE(?,?,00000040,00000000), ref: 0073A70A
                                                                                                                                                                      • GetDriveTypeW.KERNELBASE(?), ref: 0073A72D
                                                                                                                                                                      • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?), ref: 0073A7E0
                                                                                                                                                                      • DeviceIoControl.KERNELBASE(000000FF,00070048,00000000,00000000,?,00000090,00000001,00000000), ref: 0073A811
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Volume$Name$ControlCreateDeviceDriveFileFindFirstMountNamesPathPointType
                                                                                                                                                                      • String ID: '
                                                                                                                                                                      • API String ID: 754975672-1997036262
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 0073DDE5
                                                                                                                                                                      • ReadFile.KERNELBASE(?,?,?,?,?), ref: 0073DE77
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FilePriorityReadThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3643687941-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(?), ref: 0073F270
                                                                                                                                                                      • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 0073F2DF
                                                                                                                                                                      • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000,?,?,?,00755180,003D0900), ref: 0073F34C
                                                                                                                                                                      • FindNextFileW.KERNELBASE(000000FF,?), ref: 0073F47A
                                                                                                                                                                      • FindClose.KERNELBASE(000000FF), ref: 0073F48B
                                                                                                                                                                        • Part of subcall function 0073A064: FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 0073A086
                                                                                                                                                                        • Part of subcall function 0073A064: FindClose.KERNELBASE(000000FF), ref: 0073A0AC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Find$File$CloseFirst$AttributesNextPriorityThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3755735135-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00736830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,007476B5,?,00000000,00000000), ref: 00736841
                                                                                                                                                                      • FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 007376C3
                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(00000000), ref: 00737756
                                                                                                                                                                      • FindNextFileW.KERNELBASE(000000FF,?), ref: 007377BF
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$Find$AllocateAttributesFirstHeapNext
                                                                                                                                                                      • String ID: <us
                                                                                                                                                                      • API String ID: 2400493143-1232365779
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 00735D07
                                                                                                                                                                      • FindClose.KERNELBASE(000000FF,?,00000000), ref: 00735D2C
                                                                                                                                                                      • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 00735D51
                                                                                                                                                                      • FindClose.KERNELBASE(000000FF), ref: 00735D5E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1164774033-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • NtSetInformationProcess.NTDLL(000000FF,00000021,00000000,00000004,00000004,00000000,0074712D), ref: 0073B6AD
                                                                                                                                                                      • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002), ref: 0073B6BF
                                                                                                                                                                      • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004), ref: 0073B6D4
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InformationProcess
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1801817001-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00736830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,007476B5,?,00000000,00000000), ref: 00736841
                                                                                                                                                                      • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00737E4E
                                                                                                                                                                      • Sleep.KERNELBASE(000007D0,?), ref: 00737F15
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeapInformationQuerySleepSystem
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3184523392-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00738F5A
                                                                                                                                                                        • Part of subcall function 007397A8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 007397D5
                                                                                                                                                                        • Part of subcall function 00739850: NtClose.NTDLL(00000000), ref: 00739941
                                                                                                                                                                      • NtSetInformationThread.NTDLL(000000FE,00000005,00000000,00000004,00000000,00000002,00000002,89F9D59D), ref: 00738F91
                                                                                                                                                                        • Part of subcall function 00738D78: OpenSCManagerW.SECHOST(00000000,00000000,00000001,25DD2DA4), ref: 00738DB6
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Information$AdjustCloseManagerOpenPrivilegeQuerySystemThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1903255304-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00737560: FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 007375CF
                                                                                                                                                                        • Part of subcall function 00737560: FindClose.KERNELBASE(000000FF), ref: 0073762C
                                                                                                                                                                      • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 007374EF
                                                                                                                                                                      • FindNextFileW.KERNELBASE(000000FF,?), ref: 00737546
                                                                                                                                                                        • Part of subcall function 0073763C: FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 007376C3
                                                                                                                                                                        • Part of subcall function 0073763C: GetFileAttributesW.KERNELBASE(00000000), ref: 00737756
                                                                                                                                                                        • Part of subcall function 0073763C: FindNextFileW.KERNELBASE(000000FF,?), ref: 007377BF
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileFind$First$Next$AttributesClose
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 95010735-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 007375CF
                                                                                                                                                                      • FindClose.KERNELBASE(000000FF), ref: 0073762C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                                      • Opcode ID: 0fac50281dc261d2bed0d2bec1b19a700c7d743f04710391568cc06f7b17a26d
                                                                                                                                                                      • Instruction ID: e6a1c1e84428ba6d5ad2a0ac4263a3118148a7d62e139a70fb7aaf9f4bb6917b
                                                                                                                                                                      • Opcode Fuzzy Hash: 0fac50281dc261d2bed0d2bec1b19a700c7d743f04710391568cc06f7b17a26d
                                                                                                                                                                      • Instruction Fuzzy Hash: FD210EB0800608EFDB109F94DD5DBDDBBB9FB04306F1081A1E908AA161E7799AA9CF55
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00737E4E
                                                                                                                                                                      • Sleep.KERNELBASE(000007D0,?), ref: 00737F15
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InformationQuerySleepSystem
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3518162127-0
                                                                                                                                                                      • Opcode ID: ddeb84f47d0b6bd912d712811d37a932b41b1595e614bd34963a347c95f009c2
                                                                                                                                                                      • Instruction ID: c024024f1fc09ed9643f2505d6b732dc7e093467230917359b30e7746a3a298f
                                                                                                                                                                      • Opcode Fuzzy Hash: ddeb84f47d0b6bd912d712811d37a932b41b1595e614bd34963a347c95f009c2
                                                                                                                                                                      • Instruction Fuzzy Hash: B02160B1804209EFEF15DF90CC48BDDBBB9FF04305F208095E900AA152D7BA9A45DF91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00737E4E
                                                                                                                                                                      • Sleep.KERNELBASE(000007D0,?), ref: 00737F15
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InformationQuerySleepSystem
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3518162127-0
                                                                                                                                                                      • Opcode ID: 0811bd0b9f98c5075209fa064e38ac4f0a670c41ccde83e8b55eaf99e88485b8
                                                                                                                                                                      • Instruction ID: c024024f1fc09ed9643f2505d6b732dc7e093467230917359b30e7746a3a298f
                                                                                                                                                                      • Opcode Fuzzy Hash: 0811bd0b9f98c5075209fa064e38ac4f0a670c41ccde83e8b55eaf99e88485b8
                                                                                                                                                                      • Instruction Fuzzy Hash: B02160B1804209EFEF15DF90CC48BDDBBB9FF04305F208095E900AA152D7BA9A45DF91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,0073DDD4,00000000,00000000,00000000,?,00000000), ref: 0073E195
                                                                                                                                                                      • NtClose.NTDLL(00000000,00000000,?,00000000), ref: 0073E1A8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseCreateThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 562768112-0
                                                                                                                                                                      • Opcode ID: 336e24741750a0966e1a2c2b654a688f5af11f802c38b62f2a079642e488259b
                                                                                                                                                                      • Instruction ID: 84a1097b56dc918ce4a373d9ab959db1ba494587bcf5cbff91e5ee7138d26c19
                                                                                                                                                                      • Opcode Fuzzy Hash: 336e24741750a0966e1a2c2b654a688f5af11f802c38b62f2a079642e488259b
                                                                                                                                                                      • Instruction Fuzzy Hash: CC01D630740B19EBF720AB54AC99BCD7364EB04B16F604210FA01A22E2EBF86D048699
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • NtSetInformationThread.NTDLL(000000FE,00000005,00000008,00000004), ref: 0073B3F4
                                                                                                                                                                      • NtClose.NTDLL(00000008), ref: 0073B402
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseInformationThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3167811113-0
                                                                                                                                                                      • Opcode ID: c312fa7ba94fa214c0dd12701e66abdf9d70315fc07b92a95e8f2f244930fe2c
                                                                                                                                                                      • Instruction ID: 468cce17d33736904ef98cbf74b77e61b8258383248389fa7000f3192babdd43
                                                                                                                                                                      • Opcode Fuzzy Hash: c312fa7ba94fa214c0dd12701e66abdf9d70315fc07b92a95e8f2f244930fe2c
                                                                                                                                                                      • Instruction Fuzzy Hash: 02014470500208EFFB10CF50DC99FAABBB8FB00305F50C165EA149B1A1D7B99A55DB91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 0073A086
                                                                                                                                                                      • FindClose.KERNELBASE(000000FF), ref: 0073A0AC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Close
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3535843008-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00736830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,007476B5,?,00000000,00000000), ref: 00736841
                                                                                                                                                                      • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 007397D5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeapInformationQuerySystem
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3114120137-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 00735A81
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Load
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2234796835-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • NtQueryInformationToken.NTDLL(?,00000001,?,0000002C,?), ref: 0073B5FA
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InformationQueryToken
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4239771691-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • NtTerminateProcess.NTDLL(00737D88,00000000), ref: 0073DC1F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ProcessTerminate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 560597551-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 007397D5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InformationQuerySystem
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3562636166-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 007397D5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • API ID: InformationQuerySystem
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3562636166-0

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetLogicalDriveStringsW.KERNELBASE(?,?), ref: 0073A44B
                                                                                                                                                                      • API ID: DriveLogicalStrings
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2022863570-0

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 340 73bb94-73bbbe 342 73bbc0 340->342 343 73bbc5-73bbdc 340->343 344 73bde8-73bdec 342->344 348 73bbe3-73bbf0 call 736830 343->348 349 73bbde 343->349 346 73bdf7-73bdfb 344->346 347 73bdee 344->347 350 73be06-73be0a 346->350 351 73bdfd-73be00 DeleteDC 346->351 347->346 359 73bbf2 348->359 360 73bbf7-73bc52 call 731250 CreateDCW 348->360 349->344 353 73be14-73be18 350->353 354 73be0c-73be0f call 73684c 350->354 351->350 357 73be23-73be28 353->357 358 73be1a 353->358 354->353 358->357 359->344 364 73bc54 360->364 365 73bc59-73bd23 call 731250 StartDocW 360->365 364->344 376 73bd25 365->376 377 73bd2a-73bd35 call 731730 365->377 376->344 380 73bd3a-73bd46 377->380 382 73bd4a-73bdc2 DrawTextA EndPage 380->382 383 73bd48 380->383 382->380 384 73bdc8-73bdd7 EndDoc call 731730 382->384 383->384 387 73bddc-73bddf 384->387 387->344
                                                                                                                                                                      APIs
                                                                                                                                                                      • API ID: Delete
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1035893169-0

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 560 73c1e8-73c213 CreateFileW 561 73c349-73c34f 560->561 562 73c219-73c232 560->562 563 73c238-73c24a call 7317bc 562->563 566 73c251-73c274 WriteFile 563->566 567 73c276-73c285 566->567 568 73c288-73c2ad WriteFile 566->568 569 73c2c1-73c2e4 WriteFile 568->569 570 73c2af-73c2be 568->570 572 73c2e6-73c2f5 569->572 573 73c2f8-73c31d WriteFile 569->573 574 73c331-73c33e 573->574 575 73c31f-73c32e 573->575 574->566 578 73c344 574->578 578->563
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,00000000), ref: 0073C206
                                                                                                                                                                      • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,00756000,?,?,?,00000000), ref: 0073C267
                                                                                                                                                                      • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,?,?,00000000), ref: 0073C2A0
                                                                                                                                                                      • API ID: File$Write$Create
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1602526932-0

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 666 73e3b8-73e3f6 SetFileAttributesW CreateFileW 667 73e3f8-73e415 SetFilePointerEx 666->667 668 73e46d-73e474 666->668 669 73e417-73e434 ReadFile 667->669 670 73e464 667->670 669->670 671 73e436-73e44b call 73e2ac 669->671 670->668 671->670 674 73e44d-73e455 671->674 675 73e457 674->675 676 73e45e-73e45f call 73684c 674->676 675->676 676->670
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 0073E3D1
                                                                                                                                                                      • CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0073E3E9
                                                                                                                                                                      • SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 0073E40D
                                                                                                                                                                      • ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 0073E42C
                                                                                                                                                                      • API ID: File$AttributesCreatePointerRead
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4170910816-0

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 678 73eec8-73eee3 679 73f0b1-73f0ba 678->679 680 73eee9-73eef3 call 73e308 678->680 683 73f0a9-73f0ac call 73684c 680->683 684 73eef9-73ef03 call 73e3b8 680->684 683->679 684->683 688 73ef09-73ef13 call 73eb34 684->688 691 73ef15-73ef26 call 73eb5c 688->691 692 73ef28-73ef36 call 73ec40 688->692 697 73ef39-73ef3d 691->697 692->697 697->683 698 73ef43-73ef53 MoveFileExW 697->698 699 73ef57-73ef62 698->699 700 73ef55 698->700 701 73ef90-73ef9f call 73684c 699->701 702 73ef64-73ef88 call 73684c call 73ec40 699->702 703 73efa3-73efa7 700->703 701->703 718 73ef8a 702->718 719 73ef8c 702->719 706 73f09b-73f09f 703->706 707 73efad-73efcf CreateFileW 703->707 706->683 712 73f0a1-73f0a4 call 73684c 706->712 710 73efd1 707->710 711 73efd6-73efef call 73ec8c 707->711 710->706 721 73eff1-73effa 711->721 722 73efff-73f014 CreateIoCompletionPort 711->722 712->683 718->703 719->698 721->706 723 73f016-73f036 call 73684c 722->723 724 73f038-73f05a 722->724 723->706 728 73f07e-73f094 724->728 729 73f05c-73f07c call 73684c 724->729 728->706 729->706
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0073E308: SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 0073E329
                                                                                                                                                                        • Part of subcall function 0073E308: CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 0073E341
                                                                                                                                                                        • Part of subcall function 0073E3B8: SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 0073E3D1
                                                                                                                                                                        • Part of subcall function 0073E3B8: CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0073E3E9
                                                                                                                                                                        • Part of subcall function 0073E3B8: SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 0073E40D
                                                                                                                                                                        • Part of subcall function 0073E3B8: ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 0073E42C
                                                                                                                                                                      • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 0073EF4B
                                                                                                                                                                      • CreateIoCompletionPort.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 0073F00C
                                                                                                                                                                      • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,40000000,00000000,00000000,?,00000000,?), ref: 0073EFC2
                                                                                                                                                                        • Part of subcall function 0073684C: RtlFreeHeap.NTDLL(?,00000000,00000000,?,00747745,00000000), ref: 0073685D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$Create$Attributes$CompletionFreeHeapMovePointerPortRead
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 97630321-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 739 73c0f8-73c10d 740 73c114-73c125 call 7368fc 739->740 741 73c10f 739->741 745 73c127 740->745 746 73c12c-73c13a GetFileAttributesW 740->746 742 73c1df-73c1e3 741->742 745->742 747 73c158-73c178 call 7316d0 746->747 748 73c13c-73c156 call 7316d0 746->748 755 73c17b-73c17f 747->755 748->755 757 73c181-73c198 call 73c1e8 call 73684c 755->757 758 73c19a-73c1a0 755->758 757->742 759 73c1a2-73c1a5 call 73c1e8 758->759 760 73c1b1-73c1bc GetFileAttributesW 758->760 766 73c1aa-73c1af 759->766 763 73c1ca-73c1da CopyFileW call 73684c 760->763 764 73c1be-73c1c8 call 73684c 760->764 763->742 764->759 766->742
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,0073A440,?,00000004,00000000), ref: 0073A489
                                                                                                                                                                      • ResumeThread.KERNELBASE(00000000), ref: 0073A4CD
                                                                                                                                                                      • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 0073A4E5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Thread$CodeCreateExitResume
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4070214711-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,0073A180,?,00000004,00000000), ref: 0073A1B4
                                                                                                                                                                      • ResumeThread.KERNELBASE(00000000), ref: 0073A1F8
                                                                                                                                                                      • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 0073A210
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Thread$CodeCreateExitResume
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4070214711-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateThread
                                                                                                                                                                      • String ID: ]qt
                                                                                                                                                                      • API String ID: 2422867632-4201224547
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00737823
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Initialize
                                                                                                                                                                      • String ID: @
                                                                                                                                                                      • API String ID: 2538663250-2766056989
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 0073E329
                                                                                                                                                                      • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 0073E341
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$AttributesCreate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 415043291-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 0073EF4B
                                                                                                                                                                      • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,40000000,00000000,00000000,?,00000000,?), ref: 0073EFC2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$CreateMove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3198096935-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetLogicalDriveStringsW.KERNELBASE(00000104,?), ref: 0073744F
                                                                                                                                                                      • GetDriveTypeW.KERNELBASE(?), ref: 00737465
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Drive$LogicalStringsType
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1630765265-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 0073E329
                                                                                                                                                                      • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 0073E341
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$AttributesCreate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 415043291-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000,B00CA72F,?,?,0074948F), ref: 007363C5
                                                                                                                                                                        • Part of subcall function 00735DB0: RtlAllocateHeap.NTDLL(?,00000000,00000010,00000000,00000000,00000000,00000000,?,?,007363FC,0075540C,00735EE8,00000000,00000000,2663F81C), ref: 00735DF4
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_0_2_730000_98ST13Qdiy.jbxd
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Heap$AllocateCreate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2875408731-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,00000004), ref: 00737C8F
                                                                                                                                                                        • Part of subcall function 00736830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,007476B5,?,00000000,00000000), ref: 00736841
                                                                                                                                                                        • Part of subcall function 0073DBBC: NtTerminateProcess.NTDLL(00737D88,00000000), ref: 0073DC1F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeapManagerOpenProcessTerminate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3645570960-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00735C34: FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 00735D07
                                                                                                                                                                        • Part of subcall function 00735C34: FindClose.KERNELBASE(000000FF,?,00000000), ref: 00735D2C
                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,00000000,00000010,00000000,00000000,00000000,00000000,?,?,007363FC,0075540C,00735EE8,00000000,00000000,2663F81C), ref: 00735DF4
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1673784098-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0073900C: RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 0073902E
                                                                                                                                                                      • CloseServiceHandle.ADVAPI32(00000000), ref: 0073917F
                                                                                                                                                                        • Part of subcall function 0073DBBC: NtTerminateProcess.NTDLL(00737D88,00000000), ref: 0073DC1F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AdjustCloseHandlePrivilegeProcessServiceTerminate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3176663195-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 007397A8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 007397D5
                                                                                                                                                                      • OpenSCManagerW.SECHOST(00000000,00000000,00000001,25DD2DA4), ref: 00738DB6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InformationManagerOpenQuerySystem
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1910025873-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • CoInitialize.OLE32(00000000,?,?,?,?,00000000), ref: 0073F7B7
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Initialize
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2538663250-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateMutexW.KERNELBASE(0000000C,00000001,00000000), ref: 00739C1B
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateMutex
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1964310414-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 0073902E
                                                                                                                                                                        • Part of subcall function 007397A8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 007397D5
                                                                                                                                                                        • Part of subcall function 00739850: NtClose.NTDLL(00000000), ref: 00739941
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AdjustCloseInformationPrivilegeQuerySystem
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 327775174-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlAdjustPrivilege.NTDLL(00000000,00000001,00000000,?), ref: 0073B683
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AdjustPrivilege
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3260937286-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlReAllocateHeap.NTDLL(?,00000008,?,00000400,?,007397F5,?,00000400), ref: 0073687C
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,00000000,00000000,?,00747745,00000000), ref: 0073685D
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3298025750-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,00000008,00000000,?,007476B5,?,00000000,00000000), ref: 00736841
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetDriveTypeW.KERNELBASE(?), ref: 0073A186
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: DriveType
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 338552980-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00737823
                                                                                                                                                                      Yara matches
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Initialize
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2538663250-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000000.00000002.1876303925.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                      • Associated: 00000000.00000002.1876281490.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876333113.000000000074A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876353254.000000000074B000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876374219.0000000000754000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876396922.0000000000756000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                      • Associated: 00000000.00000002.1876417682.0000000000757000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Execution Graph

                                                                                                                                                                      Execution Coverage:32.4%
                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                      Total number of Nodes:160
                                                                                                                                                                      Total number of Limit Nodes:1


                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.1882837852.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882910769.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882959009.0000000000405000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882984307.0000000000406000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Text$Color$CreateWindow$Proc$CommandFontFreeHandleLibraryLineLoadMenuModule$AddressBitmapCharsetErrorExitInfoLastLocaleObjectProcessSelect
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3548022523-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,80000000,00000000), ref: 00402F82
                                                                                                                                                                      • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004), ref: 00402FDB
                                                                                                                                                                      • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000), ref: 0040305F
                                                                                                                                                                      • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001), ref: 0040307E
                                                                                                                                                                      • SetFilePointerEx.KERNELBASE(000000FF,00010000,00000000,00000000,00000000,?,00000000,00000001), ref: 004030B3
                                                                                                                                                                      • NtFreeVirtualMemory.NTDLL(000000FF,00000000,00010000,00008000,?,00000000,00000001), ref: 004030E4
                                                                                                                                                                      • NtClose.NTDLL(000000FF,?,00000000,00000001), ref: 004030FC
                                                                                                                                                                      • DeleteFileW.KERNELBASE(?,?,00000000,00000001), ref: 00403118
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$MemoryPointerVirtual$AllocateCloseCreateDeleteFreeWrite
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 590822095-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      APIs
                                                                                                                                                                      • FindFirstFileExW.KERNELBASE(C:\Windows\System32\*.dll,00000000,?,00000000,00000000,00000000), ref: 00401601
                                                                                                                                                                      • FindClose.KERNELBASE(000000FF,?,00000000), ref: 0040162D
                                                                                                                                                                      • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 00401653
                                                                                                                                                                      • FindClose.KERNEL32(000000FF), ref: 00401660
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                      • String ID: C:\Windows\System32\*.dll
                                                                                                                                                                      • API String ID: 1164774033-1305136377
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 82 402760-402795 CreateFileW 83 4027f0-4027f4 82->83 84 402797-4027a9 82->84 85 402802-40280b 83->85 86 4027f6-4027ff NtClose 83->86 84->83 88 4027ab-4027be call 4020bc 84->88 86->85 88->83 90 4027c0-4027d8 ReadFile 88->90 91 4027e4-4027ea 90->91 92 4027da-4027e2 90->92 91->83 92->83
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0040278B
                                                                                                                                                                      • ReadFile.KERNELBASE(000000FF,00000000,00000000,00000000,00000000), ref: 004027D3
                                                                                                                                                                      • NtClose.NTDLL(000000FF), ref: 004027FF
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$CloseCreateRead
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1419693385-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 94 40286c-4028b9 NtSetInformationProcess * 3
                                                                                                                                                                      APIs
                                                                                                                                                                      • NtSetInformationProcess.NTDLL(000000FF,00000021,?,00000004), ref: 00402888
                                                                                                                                                                      • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002,?,00000004), ref: 0040289D
                                                                                                                                                                      • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004,?,00000004), ref: 004028B5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InformationProcess
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1801817001-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 95 401dc2-401df0 97 401e21-401e27 95->97 98 401df2-401e10 NtProtectVirtualMemory 95->98 98->97 99 401e12-401e1f 98->99 99->97
                                                                                                                                                                      APIs
                                                                                                                                                                      • NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?), ref: 00401E0B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MemoryProtectVirtual
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2706961497-3916222277
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 180 4016b4-4016c9 181 401859-401862 180->181 182 4016cf-4016d6 180->182 183 4016f5-401729 NtAllocateVirtualMemory 182->183 184 4016d8-4016f0 call 401000 182->184 183->181 186 40172f-40174c NtAllocateVirtualMemory 183->186 184->183 186->181 188 401752-40175a call 40152c 186->188 190 40175f-401761 188->190 190->181 191 401767-40176d 190->191 192 401774-401781 call 401000 191->192 193 40176f 191->193 196 401851-401854 192->196 197 401787-401798 call 401e78 192->197 193->181 196->191 200 4017c9-4017cc 197->200 201 40179a-4017c4 call 401e78 197->201 203 4017fa-4017fd 200->203 204 4017ce-4017f8 call 401e78 200->204 201->196 205 401815-401818 203->205 206 4017ff-401813 203->206 204->196 210 401830-401833 205->210 211 40181a-40182e 205->211 206->196 210->196 212 401835-40184b 210->212 211->196 212->196
                                                                                                                                                                      APIs
                                                                                                                                                                      • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,?,00103000,00000040), ref: 0040171F
                                                                                                                                                                      • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00000000,00103000,00000004), ref: 00401742
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateMemoryVirtual
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2167126740-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 288 40227c-4022ad FindFirstFileExW 289 4022d2-4022d8 288->289 290 4022af-4022cf 288->290 290->289
                                                                                                                                                                      APIs
                                                                                                                                                                      • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 004022A4
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.1882837852.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882910769.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882959009.0000000000405000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882984307.0000000000406000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ECC3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1974802433-0
                                                                                                                                                                      • Opcode ID: cdec62c82a5867c9461e13d27f073131a42764883e1863d73d8ab6d37f0e38bf
                                                                                                                                                                      • Instruction ID: 55f0629c3eadcc188d8749e42e063c0b49bca1bc4f8f265f590f61ae6da82bee
                                                                                                                                                                      • Opcode Fuzzy Hash: cdec62c82a5867c9461e13d27f073131a42764883e1863d73d8ab6d37f0e38bf
                                                                                                                                                                      • Instruction Fuzzy Hash: BBF0C974902608EFDB10DF94CD49B9DFBB4EB48310F2082A5A918AB2A0D7715E91CF84
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • NtSetInformationThread.NTDLL(00000000,?,00000000,00000000), ref: 00401DBB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.1882837852.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882910769.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882959009.0000000000405000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882984307.0000000000406000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ECC3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InformationThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4046476035-0
                                                                                                                                                                      • Opcode ID: 2ec57d8305034ae4dcd04f6f280aec29aa5e37325b0f502564d07dd60a6e8475
                                                                                                                                                                      • Instruction ID: 482b214da63c1bafeb7c1bb62a0bbbc62c262419b9af6fea3894fce228737229
                                                                                                                                                                      • Opcode Fuzzy Hash: 2ec57d8305034ae4dcd04f6f280aec29aa5e37325b0f502564d07dd60a6e8475
                                                                                                                                                                      • Instruction Fuzzy Hash: FEE05E329A020DAFD710DB50DC45FBB376DEB55311F508236B5029A1E0D6B8F891DA98
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 100 401b70-401b9f RtlCreateHeap 101 401ba1 100->101 102 401ba6-401bc4 RtlCreateHeap 100->102 103 401d8a-401d90 101->103 104 401bc6 102->104 105 401bcb-401be7 102->105 104->103 107 401be9 105->107 108 401bee-401c05 call 401a40 105->108 107->103 111 401c07 108->111 112 401c0c-401c3d 108->112 111->103 115 401c44-401c5b call 401a40 112->115 116 401c3f 112->116 119 401c62-401c93 115->119 120 401c5d 115->120 116->103 123 401c95 119->123 124 401c9a-401cb1 call 401a40 119->124 120->103 123->103 127 401cb3 124->127 128 401cb8-401ce9 124->128 127->103 131 401cf0-401d07 call 401a40 128->131 132 401ceb 128->132 135 401d09 131->135 136 401d0b-401d3c 131->136 132->103 135->103 139 401d40-401d57 call 401a40 136->139 140 401d3e 136->140 143 401d59 139->143 144 401d5b-401d80 call 401d94 call 401dc2 139->144 140->103 143->103 147 401d83 144->147 147->103
                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlCreateHeap.NTDLL(00001002,00000000,00000000,00000000,00000000,00000000), ref: 00401B96
                                                                                                                                                                      • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000), ref: 00401BBB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.1882837852.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882910769.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882959009.0000000000405000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882984307.0000000000406000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ECC3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 10892065-0
                                                                                                                                                                      • Opcode ID: 453bda9d08a0096fe53e6a5bcc4a475ef93f8d776735eeddf63228c397926240
                                                                                                                                                                      • Instruction ID: eac1ce902914894448f3c06d12ced00cbe17960004271ddceb971b2a38276b5e
                                                                                                                                                                      • Opcode Fuzzy Hash: 453bda9d08a0096fe53e6a5bcc4a475ef93f8d776735eeddf63228c397926240
                                                                                                                                                                      • Instruction Fuzzy Hash: 34513034A80A04FBD7109B60ED09B5B7770FF18701F2086BAE6117A2F1D775A5859F8D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 150 4022dc-40232e 154 402330 150->154 155 402335-402347 GetShortPathNameW 150->155 156 402483-402487 154->156 157 402349-402359 155->157 158 40235e-402380 155->158 159 402495-402499 156->159 160 402489-40248f 156->160 157->156 168 402382 158->168 169 402387-402425 158->169 163 4024a7-4024ab 159->163 164 40249b-4024a1 159->164 160->159 165 4024b9-4024bf 163->165 166 4024ad-4024b3 163->166 164->163 166->165 168->156 175 402427 169->175 176 402429-402481 ShellExecuteW 169->176 175->156 176->156
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetShortPathNameW.KERNELBASE(00000000,00000000,?), ref: 00402340
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.1882837852.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882910769.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882959009.0000000000405000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882984307.0000000000406000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ECC3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: NamePathShort
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1295925010-0
                                                                                                                                                                      • Opcode ID: a0a4f684a9d9108a63d91a30c19249ae39ae68594d14297edb71c581cb82e24b
                                                                                                                                                                      • Instruction ID: 5bcac900e59d09c9622bdf940851d370624af246baed8abb1bc217228d1f7e1b
                                                                                                                                                                      • Opcode Fuzzy Hash: a0a4f684a9d9108a63d91a30c19249ae39ae68594d14297edb71c581cb82e24b
                                                                                                                                                                      • Instruction Fuzzy Hash: B6514E75900606EFDB00DF90E948B9EFB71FF48301F2082A9E6156B2A1C375AA91DFC5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 213 4026c0-4026e5 call 4024f8 215 402730-402734 213->215 216 4026e7-402709 CreateFileW 213->216 218 402742-402746 215->218 219 402736-40273c 215->219 216->215 217 40270b-402727 ReadFile 216->217 217->215 220 402729 217->220 221 402754-40275a 218->221 222 402748-40274e 218->222 219->218 220->215 222->221
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004026FF
                                                                                                                                                                      • ReadFile.KERNELBASE(000000FF,000000FF,0000021C,?,00000000), ref: 00402722
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.1882837852.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882910769.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882959009.0000000000405000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882984307.0000000000406000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ECC3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$CreateRead
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3388366904-0
                                                                                                                                                                      • Opcode ID: 64d441af2ae5f8cd80c02da2bb5cacaba4a8c0a7bb8fd120945ed4e9a720f5dc
                                                                                                                                                                      • Instruction ID: dec784d2d3492f4c007a4c80bb83cd8b4abde05e7af7cfb80cb91198c32a9eba
                                                                                                                                                                      • Opcode Fuzzy Hash: 64d441af2ae5f8cd80c02da2bb5cacaba4a8c0a7bb8fd120945ed4e9a720f5dc
                                                                                                                                                                      • Instruction Fuzzy Hash: 7511D774910209EFDB10DF94DD48B9FBBB5FB08311F2046A9A524B62E1D7B15A91CF84
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 224 401a40-401a5a 225 401a5d-401a77 RtlAllocateHeap 224->225 226 401a85-401a94 call 401e78 225->226 227 401a79-401a82 225->227 230 401ac5-401ac8 226->230 231 401a96-401ac0 call 401e78 226->231 233 401af6-401af9 230->233 234 401aca-401af4 call 401e78 230->234 239 401b4d-401b55 231->239 237 401b11-401b14 233->237 238 401afb-401b0f 233->238 234->239 241 401b16-401b2a 237->241 242 401b2c-401b2f 237->242 238->239 239->225 243 401b5b-401b6b 239->243 241->239 242->239 244 401b31-401b47 242->244 244->239
                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000008,00000010), ref: 00401A6D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.1882837852.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882910769.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882959009.0000000000405000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882984307.0000000000406000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ECC3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                      • Opcode ID: 3090814481001f51fad53404be7bb9f089635e5ecf5702693e45b6397da5dce2
                                                                                                                                                                      • Instruction ID: 68c0462a3af62cc3e50a8e225ecc1fff045641083c52707b2e4de1a33f1d8fac
                                                                                                                                                                      • Opcode Fuzzy Hash: 3090814481001f51fad53404be7bb9f089635e5ecf5702693e45b6397da5dce2
                                                                                                                                                                      • Instruction Fuzzy Hash: 9F316935A14308DFDB10CF99C488E99F7F1BF24320F15D0AAD508AB2B2D7B59950DB4A
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 245 402e10-402e35 247 402e37 245->247 248 402e39-402e4e 245->248 249 402eab-402eb7 247->249 253 402e50 248->253 254 402e52-402e57 248->254 250 402ec5-402eca 249->250 251 402eb9-402ebf 249->251 251->250 253->249 255 402e5c-402e6d 254->255 257 402e70-402e7a 255->257 257->257 258 402e7c-402e8f MoveFileExW 257->258 259 402e91 258->259 260 402e93-402ea9 258->260 259->249 260->249 260->255
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.1882837852.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882910769.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882959009.0000000000405000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882984307.0000000000406000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ECC3.jbxd
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 262 402a78-402a9c call 4028ba 264 402aa3-402ac2 262->264 265 402a9e 262->265 270 402ac4-402ad3 264->270 271 402ad5-402ae0 264->271 266 402b28-402b2c 265->266 267 402b3a-402b40 266->267 268 402b2e-402b34 266->268 268->267 270->266 274 402ae2-402ae8 271->274 275 402aea 271->275 276 402af0-402b1f CreateMutexW 274->276 275->276 276->266 277 402b21 276->277 277->266
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.1882837852.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882910769.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882959009.0000000000405000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882984307.0000000000406000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ECC3.jbxd
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      control_flow_graph 279 401474-401488 280 40148a-40148d 279->280 281 4014ac-4014b3 call 4013f8 279->281 282 401493-401498 280->282 285 4014b8-4014d2 LdrLoadDll 281->285 282->282 284 40149a-4014aa call 4013f8 282->284 284->285
                                                                                                                                                                      APIs
                                                                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 004014C4
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.1882837852.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882910769.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882959009.0000000000405000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882984307.0000000000406000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ECC3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Load
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2234796835-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlAdjustPrivilege.NTDLL(?,00000001,00000000,00000000), ref: 00402861
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.1882837852.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882910769.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882959009.0000000000405000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882984307.0000000000406000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ECC3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AdjustPrivilege
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3260937286-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,00000008,?), ref: 004020D7
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.1882856585.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.1882837852.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882910769.0000000000404000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882959009.0000000000405000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                      • Associated: 00000005.00000002.1882984307.0000000000406000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_5_2_400000_ECC3.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%